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MICROSOFT MODELING 
IS ON THE RUNWAY 

New tool embraces, extends UML 



BY JENNIFER DEJONG 

UML and more. 

That sums up Microsoft 
Corp.'s approach to modeling, 
which it announced as part of the 
Visual Studio 2005 Team System 
strategy at its Tech-Ed confer- 
ence in late May in San Diego. 

Elaborating on the new 
modeling strategy, Microsoft 
last month explained why the 
class designer promised for 
Visual Studio 2005 Team Sys- 
tem — to be called Class 
Designer — is based on its own 
modeling notation, not on the 
Unified Modeling Language. 

"Our Class Designer doesn't 



deviate from UML for the sake 
of it," said Prashant Sridharan, a 
senior product manager in 
Microsoft's developer division. 
But in some cases, the way UML 
maps to the Common Language 
Runtime (CLR) is not precise 
enough. For instance, the CLR 
supports partial types, he said. 
"There is no direct analogy for 
that in UML." 

Partial types — the ability to 
split a class across multiple files 
instead of storing it in one — is 
just one of many features native 
to the CLR that does not map 
directly to UML, noted Sridha- 
► continued on page 22 



Schwartz: 
Sun Will Open 
Solaris Source 

But with cheap Linux available, 
community is cool to the idea 



BY YVONNE L. LEE 

Sun Microsystems Inc. presi- 
dent and COO Jonathan 
Schwartz seemingly caught 
even his own company off guard 
at the SunNetwork Conference 
in Shanghai, China, in June 
when he stated emphatically at 




It's not 'if, but when/ for open- 
source Solaris, says Sun's Schwartz. 



a press conference that Sun 
would deliver an open-source 
version of the Solaris operating 
system. But the open-source 
community isn't falling over 
itself to embrace the effort. 

"I'd like you all to understand 
this clearly," said Schwartz. "We 
will open-source Solaris. We will 
deploy open standards to give 
developers choice." Schwartz 
added that it was not a matter of 
"if, but when" the company 
would offer its operating system 
under an open-source license. 

The remarks were made 
during a press conference in 
response to a direct question 
posed to John Loiacono, execu- 
tive vice president for Sun's 
software group. 

When asked during the con- 
ference, Schwartz did not dis- 
close details of which aspects 
of the operating system would 
be released under an open- 
► continued on page 17 



SCO Sees Vindication in OSDL Validation Plan 

McBride calls certification move proof that Linux code origin uncertain 



BY DAVID RUBINSTEIN 

The decision by the Open 
Source Development Labs to 
institute a Linux Developer's 
Certificate of Origin validates 
The SCO Group Inc.'s position 
that there haven't been strong 
controls over what code gets into 
the open-source operating sys- 
tem, asserted SCO CEO Darl 
McBride during an earnings call 
last month. 

"We believe this unchecked 
process has allowed SCO code to 
be entered into Linux," McBride 
said. He called the OSDL deci- 
sion "an admission of errors 



in the Linux review 
process." McBride 
added that the Certifi- 
cate of Origin program 
does not make the past 
issue of alleged intel- 
lectual property in- 
fringement go away. 

During the call, 
McBride said SCO 
remains focused on 
protecting its IP rights, 
and to building cash 
flow from its Unix busi- 
ness. McBride defended the 
company's position requiring 
Linux users to license the IP 
from SCO under the SCOsource 
plan, saying, "We didn't think 
not offering a solution would be 
fair." He claimed the licensing 
is a better alternative for busi- 
nesses that cannot afford either 
to wait for the resolution of court 
cases or to face possible litigation 
themselves over the use of Lin- 




'We didn't cause this 
problem/ says SCO's 
McBride. 



ux. SCO has lawsuits 
pending against IBM 
Corp. over IP in- 
fringement in Linux 
and Novell Inc. for 
libel, as well as two 
corporate Linux users. 
"The claims by 
Novell of what they 
sold or didn't sell 
to the Santa Cruz 
Operation has caused 
uncertainty," McBride 
said. "We didn't cause 
this problem. We've moved to 
protect our assets." The Santa 
Cruz Operation, now called 



SPECIAL REPORT 



Tarantella, sold its name and 
Unix assets to Caldera Interna- 
tional in 2001, which adopted 
The SCO Group Inc. name the 
next year. 

But Novell's claims disput- 
ing SCO's Unix ownership 
rights have affected SCO's busi- 
ness. For the second fiscal 
quarter of 2004 ended April 30, 
SCO reported only US$11,000 
in SCOsource revenue, com- 
pared with $8.3 million for the 
same quarter a year ago. 

McBride and CFO Bert 

Young, who joined the company 

► continued on page 22 
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New Directories Put UDDI on the Shelf 



BY YVONNE L. LEE 

A year ago, Universal Descrip- 
tion, Discovery and Integration 
(UDDI) was the laggard of the 
Web services standards, waiting 
as companies used Web ser- 
vices to integrate internal 
processes that did not need 
external public directory infor- 
mation. But even as the use of 
Web services beyond a compa- 
ny's firewall has grown, the 
directory standard continues to 
be sidelined as vendors build 
new types of directories and IT 
organizations discover that the 
UDDI service is not useful for 
many kinds of applications. 

Nevertheless, UDDI's pro- 
ponents say the standard even- 
tually will be useful, particular- 
ly in dynamic service-oriented 
architectures (SOAs) where the 
individual application compo- 
nents discover one another. 

While SOAP and WSDL 
have become the least common 



denominators for building Web 
services, UDDI has not been as 
necessary a component, so it has 
not been as widely adopted, said 
Jim Sweeney, director of product 
development at Wand Inc., 
which builds electronic directo- 
ries and also built the 
taxonomy for the 
public UDDI direc- 
tory built by IBM 
Corp. two years ago. 

"We see simple 
use of XML in a Web 
services environ- 
ment," he said. "As 
far as UDDI, and 
the standards that it 
was sitting behind, as 
least from our stand- 
point, we haven't 
seen any real interest 
or adoption." 

There are several reasons for 
this: UDDI isn't necessary for 
most kinds of Web services 
applications used today, people 




UDDI is the 'ugly duck- 
ling' of standards, says 
ZapThink's Bloomberg. 



have concerns over placing infor- 
mation on public servers, and 
UDDI can be cryptic, according 
to those who have worked with 
directories and Web services. 

Much of the early Web ser- 
vices implementation has been 
used to integrate 
internal processes 
and to make legacy 
applications avail- 
able via the Web. 
So, Web services 
weren't published to 
public directories. 

Further, organi- 
zations are build- 
ing Web services 
with trusted busi- 
ness partners that 
they already know 
rather than search- 
ing through a di- 
rectory to see who has services 
they need, said Sweeney. 

"I think that a business rela- 
tionship is going to be a lot 



WebMethods, for One, Believes in UDDI 

New platform built to publish services to a directory 



BY EDWARD J. CORREIA 

In the future, all Web services 
will be published through 
UDDI. That perhaps unlikely 
scenario is the outlook for cus- 
tomers of WebMethods Inc., 
which in June released Enter- 
prise Services Platform, a combi- 
nation of the company's Fabric, 
Glue and Integration Platform 
that it says not only turns any 
application, service or legacy sys- 
tem into a Web service, but auto- 
matically publishes them to a 
UDDI directory for easier inclu- 
sion in future apps. 

Graham Glass, WebMeth- 
ods' chief technology officer, 
said that for developers looking 
for cohesion as they piece 
together applications, UDDI is 
the only game in town. "Web 
services is the only standard 
that everybody is supporting. 
Now, if third-party software 
comes along and does a UDDI 
lookup, it will be able to auto- 
matically find other services 
exposed through the platform." 

Though Fabric has supported 
the Universal Description, Dis- 
covery and Integration spec 
since version 1.0, Glass said all of 
Enterprise Services Platform 
(ESP) is now integrated with the 
spec. "The benefit is ease of use 
and standards adoption. If you 



have a People Soft application 
and you're using ESP, you can 
attach Visual Studio to the Fab- 
ric UDDI, and all of the services 
exposed are available as a list box 
inside Visual Studio." 

But UDDI doesn't paint the 
whole development picture, 
which Glass believes may par- 
tially explain why its adoption 
has been slow. "In its current 
version, UDDI is not well suited 
for metadata about everything. 
If you're building an applica- 
tion out of parts, Web services 
is only one portion." Others 
might include portals, portlets, 
schemas and business processes, 
among other things. 

Glass said WebMethods has 
been looking at specifications 
for publishing metadata of oth- 
er types, such as the W3C's 
Resource Definition Framework 
(RDF). "This looks promising as 
a way to represent a broader 
array of metadata than simply 
that of Web services. And in 
[the forthcoming] UDDI ver- 
sion 4, there's a lot of work on 
leveraging RDF." 

But for now, Glass said Web- 
Methods will focus on adding 
service-level agreements to the 
next version of ESP. "If you 
have a particular service and 
want to ensure a certain thresh- 



old of performance, then some 
action can take place" if the 
threshold is met or exceeded. At 
deployment, the service would 
be placed in an SOA wrapper, 
he explained, and be monitored 
by Fabric. 

The Enterprise Services 
Platform is available now; Glass 
declined to disclose prices. I 



more involved than going to a 
public registry and typing in a 
keyword," he said. 

Finding services using UDDI 
can be difficult, said James Neis- 
er, chief marketing officer at 
Strikelron Inc., which has a pro- 
prietary Web services metadirec- 
tory that can work both with 
UDDI and other directories. 

"The implementation doesn't 
get you to where you need to go 
unless you are a really high-end 
developer," he said. 

FEAR OF GOING PUBLIC 

In addition, many organizations 
don't see a benefit in releasing 
details about their Web services 
on a publicly available server, 
said Tim Matthews, co-founder 
and vice president of marketing 
at Ipedo Inc., which makes 
XML development tools. 

"I think there's a huge con- 
cern over spyware and virus- 
es," he said. "It seems like 
there's only downside. What's 
the upside? There's no real 
pull from the user community. 
There's only downside in that 
you're opening up potential 
security holes." 

One of the big reasons 
UDDI isn't being used is that 
while the other two specifica- 
tions are vital, UDDI is not 
always necessary, said Pat 
Gaglione, COO of Picture Ser- 
vices Network Inc. 

"I think it has to do with the 
utility that UDDI brings to each 
individual application," he said. 



"In some, like mine, it's criti- 
cal. In others, you don't need it." 

Gaglione's application ties 
together Web services from 
companies involved in digital 
image processing. So photogra- 
phers can search a directory 
and find services performed by 
various photo finishing shops 
around the United States. 

Creating applications such as 
Gaglione's will be the key to 
making UDDI use widespread, 
said Jason Bloomberg, senior 
analyst at ZapThink LLC, an 
analysis firm that specializes in 
Web services. Bloomberg said he 
believes that although the speci- 
fication isn't widely used now, 
using the directory could lead to 
widespread creation of service- 
oriented architectures. 

"What we like to say is that 
UDDI is the ugly duckling of 
the core Web services stan- 
dards," he said. "Remember 
what happened with the ugly 
duckling? He turned out to be 
more beautiful than the others. 
UDDI can lead to dynamic dis- 
covery of services. In order to 
build an SOA, you have to build 
loosely coupled services." 

Many of these services may 
change and move, he said. So 
UDDI could facilitate this archi- 
tecture by dynamically locating 
resources instead of requiring 
developers to hard-code their 
changing locations, he said. 

"Instead you say, 'Whenever 
I need this service, I'm going to 
look it up,'" he said. I 



Kumar Takes Fall for CA 



BY DAVID RUBINSTEIN 

From chief executive officer 
to chief software architect to 
chiefly unemployed. 

That's the path taken by 
Sanjay Kumar, who stepped 
down from his roles at Com- 
puter Associates International 
Inc. last month in the wake of 
Securities and Exchange Com- 
mission investigations and 
charges against other top exec- 
utives that have left the com- 
pany with a completely new 
lineup at the top. 

In a statement released by 
the company, Kumar said, "It 
has become increasingly clear 
to me in the past few days that 
my continued role at CA is not 
helping the company's efforts 
to move forward." Kumar has 
not been charged with any 




After 17 years, Sanjay Kumar is out. 

wrongdoing. Kumar, who was 
at CA for 17 years, replaced 
Charles Wang as CEO in 2000 
and as chairman in 2002. 
Wang also has not been impli- 
cated in any wrongdoing. 

Under Kumar's watch, the 
company was forced to restate 



US$2.2 billion in revenue that 
the SEC claimed was report- 
ed improperly. Practices such 
as approving backdated con- 
tracts and booking sales for a 
quarter after that quarter 
should have been closed were 
among the accounting irregu- 
larities that led to former 
chief financial officer Ira Zar's 
pleading guilty. Three other 
executives have pleaded guilty 
to charges, and more could be 
handed down this month. The 
SEC has found an environ- 
ment driven by pressures to 
meet the financial expecta- 
tions of Wall Street and by ex- 
ecutives looking to earn and 
justify large bonuses. 

A company spokesman said 
the position of chief software 
architect no longer will exist. I 
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IBM Advances Aspect J Extensions 

Latest version has faster compilation and linking times, says company 



BY JENNIFER DEJONG 

Moving aspect-oriented devel- 
opment technology a step closer 
to the mainstream, IBM Corp. 
recently updated its Java lan- 
guage extensions, called AspectJ. 

AspectJ is an IBM-led 
Eclipse project that lets Java 
developers design or update 
applications that implement 
functions such as error check- 
ing and handling or event log- 
ging in a modular fashion, said 
Robert Berry, a distinguished 
engineer at IBM's Hursley soft- 
ware development laboratory in 
Winchester, U.K. 

AspectJ is based on the con- 
cept that containing the code 
for a function such as error 
checking in a stand-alone 
"aspect" — and then applying 
that aspect to the applica- 
tion — is more efficient than 
including multiple occurrences 
of the error-checking code in 
the application logic itself, 
explained Berry. 

New to version 1.2, available 
at eclipse.org/aspectj, is much 
faster compilation and linking 



times compared with the previ- 
ous 1.1.1 release. The compiler 
is about twice as fast, said 
Berry. And when used in tan- 
dem with AspectJ Develop- 
ment Tools (eclipse.org/ajdt), a 
separate IBM-led Eclipse pro- 
ject, a fourfold performance 
increase is possible, he said, 



noting that many developers 
use AspectJ without the accom- 
panying development tools. 

Also included in 1.2 is 
"ajdoc." Similar to Sun Microsys- 
tems Inc.'s Javadoc tool, it is 
essentially an HTML file that 
summarizes, for example, which 
methods a logging aspect was 



applied to, explained Berry. 

In addition, AspectJ 1.2 
automates the process of apply- 
ing aspects at load time, not just 
at build time. The ability to do 
so is useful for diagnosing prob- 
lems with resource use, such a 
database connection that was 
acquired but not returned, said 



Berry. While it was possible to 
apply aspects at load time in 
AspectJ 1.1.1, the process 
required developers to hand- 
write the code. 

Aspect-oriented technology 
is likely to make its way into 
IBM's WebSphere product line, 
Berry said. I 



Teamstudio Puts Enerjy Into Java Tools 



BY YVONNE L. LEE 

After taking note of IBM's 
experience with its Lotus user 
base, Teamstudio Inc. is inject- 
ing some Enerjy into its Java 
tools product line. 

In late May, the company 
spun off the Enerjy division 
that will be devoted to selling 
Java tools. It currently offers 
several testing products. 

Teamstudio began producing 
Java tools in response to IBM's 
attempts to migrate its Notes 
customers to Java, according to 
Teamstudio and Enerjy CEO 
Nigel Cheshire. However, that 
migration has been slow. 



"They really are two sepa- 
rate and distinct markets and 
businesses," Cheshire said. 
"When we first started to get 
involved with Java, a lot of the 
expectation was the 60-odd 
thousand users that we have on 
the Lotus Notes side would be 
migrating to Java. They really 
haven't done that." Organiza- 
tions faced too much risk to 
dump their Notes investment 
and immediately move over to 
Java, he said. 

So, his company, which has 
11 Teamstudio products, ended 
up with two separate customer 
bases, and the Java users were 



lost when they visited the com- 
pany's Web site and encoun- 
tered the existing Notes line, 
he said. 

The Java products, Code 
Analyzer, Memory Profiler, 
Performance Profiler and 
Thread Profiler, will be re- 
branded with the Enerjy 
name. Enerjy will attempt to 
compete against Java tools 
makers such as Borland, IBM 
and Sun by offering tools indi- 
vidually, and not as part of a 
suite, Cheshire said. 

"Our approach is a bottom- 
up approach where we'll sell 
over the phone with Web-based 



demos," he said, adding that his 
competitors were more likely to 
make in-person presentations 
to higher-level executives who 
would make companywide pur- 
chases and mandate a corporate 
standard. 

"It's in their best interest to 
try and sell you everything," he 
said. "[That approach is] great 
for the purchasing department 
of a company, but it's not neces- 
sarily so great for individual 
developers," he claimed. 

Enerjy's approach is to deal 
directly with smaller work- 
groups and individual develop- 
ers, he said. I 
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, COMPANIES , 



Wily Technology Inc. has launched a consulting practice around its 
Introscope 5.0 J2EE performance management software. The services 
cover Web application assessments, assistance with deployment of 
Wily's products and implementation of the company's best practices 
. . . The Apache Software Foundation has approved Geronimo, an 
open-source implementation of a J2EE application server, as an offi- 
cial Apache project; details are at Geronimo.apache.org. 



NEW PRODUCTS 



InstallShield Software Corp. has introduced Patch Impact Manager, a 
tool that lets developers and administrators determine the effect that 
a Windows operating system patch's deployment might have on enter- 
prise applications. The tool provides reports on how the patch will 
affect an application's registry entries, files, shared libraries and other 
dependencies. Pricing starts at US$2,499 per seat . . . Host integra- 
tion vendor NetManage Inc. has released NetManage Migration Util- 
ity, a competitive tool specifically designed to help customers move 
applications from Attachmate's host integration platform onto Net- 
Manage's Rumba. The tools move macros and script functions, key- 
board maps and host/server profiles into the Rumba equivalent 
. . . ICEsoft Technologies Inc. has ^ 
released ICEpdf, a Java SDK for render- ^# ICESOFT 
ing PDF documents. The SDK can be 

configured into stand-alone PDF viewers, or embedded into Java or 
HTML applications . . . PKware Inc. has released Windows SDKs for 
embedding zip-based compression and archiving into customer appli- 
cations. The SDKs are a Data Compression Library, a PKZIP Toolkit 
for building archives, and a SecureZIP Toolkit for building encrypted 
archives . . . Vale Software Ltd. is offering MSDE Manager, a US$79 
management and visual configuration utility for Microsoft's embedda- 
ble MSDE database engine . . . jProductivity LLC is offering Compo- 
nents, a new set of reusable user interface JavaBeans for JFC/Swing. 
The first two products in the set are calendar and calculator beans, 
which are priced at US$69 each, or both for $99 . . . Codagen Tech- 
nologies Corp. has released Technology 
ArCnrtfiCt Accelerator for Oracle JDeveloper lOg, a tool 
that allows Codagen's Architect UML model- 



ing software to be used with Oracle's IDE. The accelerator is free; 
Architect costs US$5,400 per seat . . . ComponentOne LLC is offering 
bundles that include IDEs from Borland and Microsoft, as well as Com- 
ponentOne's NET, ASP.NET, mobile devices and COM components. 
DevKit for Visual Studio .NET includes VS.NET Professional and 
costs US$1,199. There are three versions of DevKit for Delphi 8, rang- 
ing from $1,299 for a version bundled with Delphi 8 Professional to 
$3,899 for Delphi 8 Architect . . . LogicLibrary Inc. has released ref- 
erence models for its Logidex asset-management system to support 
the U.S. Office of Management and Budget's Federal Enterprise Archi- 
tecture Framework . . . Microsoft Corp. has two new business intelli- 
gence tools for its Office software. The Business Scorecards Acceler- 
ator is a Web-based application for measurement and management of 
key performance metrics. The Excel Add-in for SQL Server Analysis 
Services allows SQL Server data to be accessed and analyzed direct- 
ly in Excel. Both are offered at no cost to Office users. 



UPGRADES 



Interactive TKO Inc. has released version 2.5 of its LISA automated 
testing software, with a Workstation component that now has wizards 
for accessing common test functions as well as the ability to save any 
test case. A new LISA Server component acts as a JMX agent. There 
is also a new, free LISA Community Edition for functional testing of 
small Web sites and analysis of EJBs, data and Java objects, and Web 
services . . . Maplnfo Corp. has updated its 
Internet-based mapping engine. Map- 
Xtreme 2004 makes mapping functions available as Web services 
that conform to specifications from the Open GIS Consortium, and also 
contains a data service for Microsoft's ADO.NET database infrastruc- 
ture for .NET-based server appli- 



^ Maplnfo 



SourceForge Shifts 
To a Java Foundation 

Collaborative development system abandons script 



BY DAVID RUBINSTEIN 

Moving beyond soft- 
ware's historical roots 
with scripting lan- 
guages, VA Software 
Inc. last month re- 
leased an update to its 
SourceForge Enter- 
prise Edition collabo- 
ration system that's 
built with Java. 

Versions prior to 
this 4.1 release were 
built on the open- 
source scripting lan- 
guages Perl, PHP and 
Python, and were 
more difficult to inte- 
grate into user envi- 
ronments and to use 

with the tools, applica- SourceForge's user interface now is economically more correct, says VA Software. 
tions and authentica- 



^~ 




tion systems customers already 
own, according to Colin Bodell, 
senior vice president of product 
management. 

"One of the challenges with 
[SourceForge] 3.x was that the 
API was rudimentary," said 
Bodell. "Now we've built a core 
J2EE engine with a defined API 
that is published to extend 
SourceForge." The system now 
can be accessed either through 
the Java Remote Method Invo- 
cation API, for use with many 
third-party tools that extend 
SourceForge, or a SOAP/XML 
interface for home-grown tools. 

For developers who have 
had to work with disconnected 



tools, the SourceForge system 
provides a window in the devel- 
opment process and helps them 
determine if there is code to be 
reused, and to learn who is 
working on what aspects of a 
project to gain greater insight, 
Bodell said. 

In addition, VA Software re- 
designed the user interface to 
make it more intuitive and 
ergonomically more correct, 
Bodell said. Also new to 4.1 are 
plug-ins for Microsoft Project 
for task management and Office 
for enhanced document shar- 
ing, as well as what the compa- 
ny calls improved knowledge 
threading. "As you work around 



a system, any of the items you 
come across can be associated 
with any other" in SourceForge, 
Bodell explained. "You don't 
have to reverse-engineer to find 
out where an asset came from, 
or who worked on it last. The 
time to gain understanding of 
the system is very quick." 

The Enterprise Edition, 
which still costs US$2,725 per 
user and is available to existing 
maintenance customers as an 
upgrade, has grown apart from 
the SourceForge.NET code- 
base, but Bodell indicated that 
at some point in the future, 
improvements made on each 
side will be blended into both. I 



Ipedo Adds Visual XQuery to XIP 



BY YVONNE L. LEE 

Ipedo Inc. has added visual 
query tools to its XML Intelli- 
gence Platform (XIP) tool 
designed to present data from 
disparate corporate informa- 
tion sources. 

XIP, formerly called XML 
Information Hub, collects and 
presents information from data- 
bases, Web services and appli- 
cations such as SAP and Siebel. 
It does this by querying the 
original sources and creating an 
XML representation that can 
be queried further, said Ipedo s 
co-founder and vice president 
of marketing, Tim Matthews. 

The latest version has two 



new features: a graphic query 
creation tool, and wizards for 
creating virtualizations of the 
data. Previously, developers 
using the product had to cre- 
ate queries by hand-coding 
using the XQuery language. 
The XQuery tool in XIP 3.5 
automatically generates the 
XQueries as users drag icons 
representing information from 
the data sources into the query 
builder. 

Ipedo helped customers 
hand-write queries, but it often 
took longer than the customers 
expected, Matthews said. He 
said that sometimes developers 
use graphical tools when 



they're learning a language and 
do more hand-coding when 
they are more familiar with the 
language, and added that he 
hoped this would help develop- 
ers learn XQuery. 

The US$75,000 per-server 
tool is designed for enterprise 
developers, said Matthews. 

XIP 3.5 also includes graph- 
ical integration tools as well as 
XML content inspection rules 
and modules based on industry- 
specific standards. It has JDBC 
and ODBC drivers that can 
enable connections to IBM's 
DB2, Ingres, Microsoft's SQL 
Server, MySQL, Oracle and 
Sybase databases. I 
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Managers crave process control. 
Bridge the gap with Seapine CM 

Software development is a team effort with developers, testers, 
and management all working toward one goal — delivering the 
highest quality product on time. 



Seapine CM brings structure to source control and issue 
management improving communication while accelerating 
pro dud development. 

Seapine CM helps your learn... 

Define custom change request workflows, putting you in control 
of who mokes changes and who authorizes the dosure of issues. 

Associate source cade changes wftfj defects or change requests 



Gain a thorough understanding of how much work remains 



before project completion. 

View complete audit trails of what changed, why* andhy whom. 

Understand how close you ore to release— how many issues are open, 
haw quickly ore you closing lhem f how many are re-openedf 

Successful team based development requires the proper process 
supported by the right development fools. Tools that are 
Flexible, easy to use, secure, and scalable— I ike Seapine CM. 
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Achieve major improvements in software developmeni performance through 
better too! integration and process automation. Manage ctefecls, 
development issues, and change requests with award- vwnnmg TestTiack Pro 
and gain complete- control over your source code and change process with 
Surround 50 M. Seapme's integrated change management tools are feature 
rich hiytily scalable, Web enabled, and cross platform. Streamline your 
development process wilh Seapine CM and herp your team deliver quality 
software products on time, every time. 
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Learn more about the 

Seapine CM suite at 

www.seapine.com 

or call 1-888-683-6456 
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IBM Debuts DB2 Integration Tool 



BY JENNIFER DEJONG 

Looking to ease the task of cod- 
ing data connections, IBM 
Corp. last month delivered the 
open beta version of DB2 
Information Integrator. 



Similar to offerings from inte- 
gration vendors such as TIBCO 
Software Inc. and WebMethods 
Inc., the tool can access data 
stored in virtually any company 
repository, regardless of data 



type or location. Code-named 
Masala, Information Integrator 
(www.ibm.com/software/data 
/integration) can extract data 
from enterprise applications 
from vendors such as People- 



Soft Inc., SAP AG and Siebel 
Systems Inc., databases from 
Oracle Corp. and Microsoft 
Corp., Web servers, e-mail, 
spreadsheets, text and XML 
files, said IBM's Laura Haas, a 
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development manager for DB2 
Information Integrator. 

Aimed primarily at business 
users, Masala also benefits devel- 
opers, said Haas. Instead of writ- 
ing custom code to connect to 
each data source an application 
needs, developers can use busi- 
ness integration adapters to 
automate that process. "You no 
longer have to think about how 
to communicate with all of the 
data sources," she said. 

Because the 50 or so 
adapters IBM provides plug into 
WebSphere Business Integra- 
tion server, to take advantage of 
them, developers using Infor- 
mation Integrator must also use 
IBM's integration server. 

Also pertinent to develop- 
ers is a data event publishing 
feature, which automatically 
updates relevant applications 
when changes are made to data, 
said Haas. In addition, a devel- 
opment repository lets program- 
mers store for reuse code snip- 
pets, such as an XML object that 
describes a customer, she said. 

Information Integrator is not 
part of Stinger, the code name 
for IBM's DB2 database expect- 
ed later this year. IBM did not 
announce pricing, but the soft- 
ware is expected to ship later 
this year. I 

Perforce SCM 
Now Has Visual 
Branch History 

BY ALAN ZEICHICK 

The latest release of the Per- 
force software configuration 
management system from Per- 
force Inc. includes a revamped 
visual client, called P4V, with 
new graphical displays of revi- 
sion branch histories and folder 
comparisons. 

The main new feature in Per- 
force 2004.1, which began ship- 
ping in mid- June, is the new 
visualization feature for the 
branch histories. According to 
the company, the client can iden- 
tify all file branch points, edits 
and merges within the file, and 
compare any two file revisions by 
selecting their revision icons. It 
also can determine whether files 
are associated with a set of 
tagged file revisions. 

The folder comparison fea- 
ture uses a drag-and-drop 
metaphor to show the differ- 
ences between the folder's 
structure and the contents of its 
component files. The software 
sells for US$750 per seat. I 
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Zero G Unveils lnstallAnywhere.NET 



BY JENNIFER DEJONG 

Upgrading the Windows installer 
software it purchased from a 
competitor, Zero G Software 
Inc. is expected to announce 
InstallAnywhere.NET next 
week. 

Based on the Microsoft Soft- 
ware Installer (MSI) file format, 
InstallAnywhere.NET enables 
developers to write the MSI 
packages that make it easy for IT 
administrators to deploy appli- 

Actional Adds 
Agents to Web 
Services Platform 

BY DAVID RUBINSTEIN 

Addressing the fact that service- 
oriented architectures must 
incorporate more elements than 
just Web services, Actional 
Corp. last month released an 
update to its services manage- 
ment platform to provide what 
the company calls end-to-end 
visibility into systems. 

Actional has added to its 
Actional 5.1 management sys- 
tem new Active Agents for 
managing JDBC, JSP and 
servlets, and ASP, according to 
Dan Foody, Actional's CTO. 
Actional 5.1 sells for between 
US$50,000 and $100,000, 
depending upon the number of 
production licenses required. 

Foody said that Actional has 
added the ability to bridge the 
gap between business monitor- 
ing and IT monitoring by allow- 
ing customers to establish busi- 
ness classifications — customer 
class, geographic location — and 
apply metrics from service-level 
agreements, response times 
and the like to see how IT 
impacts the business. 

"To get the IT information, 
we have agents and proxies that 
do that. To determine the busi- 
ness information, you need to 
look into the content or payload 
of messages," Foody said. Look- 
ing Glass 5.1, he said, the man- 
agement console inside Actional 
5.1, offers that level of business 
impact analysis. 

Among the new features of 
Actional 5.1 is a self-service 
mode of usage, under which 
each user of a shared Actional 
installation appears to have his 
or her dedicated copy. This 
helps organizations reduce 
their cost of managing multiple 
iterations of the software. I 



cations to Windows desktops, 
without having to know the ins 
and outs of MSI. "You don't 
have to hand-code to the APIs of 
the MSI specification," said 
Zero G's director of product 



development, Trent Wheeler. 

Essentially a menu-driven, 
graphical tool for writing MSI 
packages, InstallAnywhere.NET 
guides developers through the 
authoring process, validating 



proper actions and alerting 
them to potential errors. That 
enables developers to identify 
and fix problems to ensure it 
will install properly. 

Priced at US$1,199 per 



developer, InstallAnywhere 
.NET competes with MSI offer- 
ings from companies such as 
InstallShield Software Corp., 
OnDemand Software Inc. and 
Wise Solutions Inc. I 



really want 




*4 



processes 



Developing CMM® or CMMI* processes Irom scratch can be like opening a can 
of worms, You waste valuable time, money, and other resources trying to 
develop CMM* and CMMr* compliant processes and may never reach your 
goal of operating In complanoeu If you instal processMax today, you can 
operate In compliance tomorrow. With processMax, your soRware development 
organization immediately begins managing software development and 
maintenance projects In guaranteed compliance with the CMM and CMMI. 
processMax is the web-based project management system providing your 
managers and developers with step-by-step procedures, integrated document 
management, and automated workflow. processMax integrates process with 
day-to-day work, giving managers real-time, fact-based insight into project 
status, processMax is the proven solution - as verified by more than 40 
successful 



processMax 

THE PROCESS SCIUTTON 



pragma Systems Corporation 

Tall Free: S77.B30.PMAS 
Direct: 7-D3.7B6.DQ1 3 xA 
www.pragrrasysCE mE.cam 
E-^ai : lrfQ@prajgmasystBr , 5.cam 
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Relational Databases Rule the Roost 

Recent study shows that relational, flat-file databases more popular than XML, 00 DBMS 



BY ALAN ZEICHICK 

If your projects database re- 
quirements and shopping pat- 
terns match those of the soft- 
ware development managers in a 
recent BZ Research study, 
chances are you use a relational 
database, and maybe also a flat- 
file data store. 

In the "Database and Data 
Access, Integration and Report- 
ing Study," conducted by BZ 
Research in mid- May, fully 96 
percent of respondents said 
they're creating, using or target- 
ing relational databases for appli- 
cations development. Given that 
relational databases constitute 
the bulk of the major databases 
currently offered, such as Oracle 
lOg, IBM's DB2 and Informix, 
Microsoft's SQL Server, Sybase, 
MySQL and many others, this 
should not be surprising. 

The second most popular 
type of database was a flat file, 
used by just under half of 
respondents; again, that's not 
surprising, given the wide range 
of uses for flat-file databases 



embedded into applications. 
This was followed by native 
XML and object-oriented data- 
bases, both of which came 
through at about 41 percent. 

The study was completed by 
943 readers of SD Times, and is 
accurate to within 3 percentage 
points. BZ Research is a sub- 
sidiary of BZ Media LLC, pub- 
lisher of SD Times. 

Other database technologies 
are more niche-oriented. Em- 
bedded/application-specific 
databases were being created, 
used or targeted by just under a 
quarter of respondents; so, too, 
were database clusters. Multi- 
value databases were used by 
only about 4 percent of those 
who completed the survey. 

Database Interfaces. Anoth- 
er question on the survey asked 
which interfaces were used to 
connect databases to applica- 
tions. Not surprisingly, given the 
high use of relational databases, 
91 percent indicated that they 
use SQL. Also, 69 percent use 
ODBC, while 55 percent use 



Whi-ch interfaces do y®ur company's developers us& 
to integrate databases with applications? 
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ADO/ADO.NET and 30 percent 
use OLE DB. On the Java side, 
41 percent use JDBC and 15 
percent use J2EE Connector 
Architecture. 

New-technology interfaces 
are creeping up on the older 
technologies, with just under 



50 percent saying that they use 
XML to communicate with their 
database, and 35 percent saying 
that they use Web services. 

Database Integration. The 
study asked about the status of 
data integration projects, and 
most respondents indicated 



Rally 'Round the Agile Development Process 



bit in advance. The problem 
with software is you don't know 
what all the tasks are early in 
the project. We use an alterna- 
tive form of scheduling associ- 
ated with adaptive management 
called time boxing. All of our 
planning and scheduling tools 



are built around time boxing." 

It's designed to help organi- 
zations that want to release 
iterations of software every six 
to eight weeks, said Richard 
Leavitt, vice president of sales 
and marketing. 

"What's very important 







BY YVONNE L. LEE 

Rally Software Development 
Corp. has released a Web- 
based subscription service for 
managing agile software devel- 
opment projects. 

The Rally Release 1 service, 
which starts at US$65 per 
month per user, com- 
bines requirements man- 
agement, project man- 
agement, defect tracking 
and test case manage- 
ment, according to Rally 
president Ryan Martens. 

The service's plan- 
ning and scheduling 
tools are geared toward 
iterative management 
used in agile develop- 
ment methods, Martens 
said. 

"If you're looking for 
Gantt and Pert charts, 
you're not going to find 
them," Martens said. 
"Gantt and Pert charts 
are typical of general- 
purpose project man- 
agement tools. That 
form of schedulin 
assumes you know what 
all the tasks are quite a The Rally Release 1 service helps organizations define, plan and track software releases. 
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about having these in one place 
is that they're very tightly 
linked together," he said. 

Using the product, devel- 
opment teams can track pro- 
ject requirements, customer 
requests, iterative changes and 
bug reports, as well as use cases 
and feature requests. 
Quality assurance groups 
can create and store tests 
using the software. 

"It fundamentally 
admits that software is 
not a predictable envi- 
ronment. It must be 
adaptive," said Leavitt. 
"Every time someone 
sees something, some- 
one says that's kind of 
close, but not quite it, or 
that's not what I want 
anymore." 

The software supports 
the Extreme Program- 
ming, Scrum, Crystal, 
DSDM and Agile RUP 
agile programming pro- 
cesses not by adhering to 
any one of them, but by 
selecting those method- 
ologies that are common 
to each, Leavitt said. I 
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that their companies were in 
progress: Nearly half of respon- 
dents, 49 percent, said that 
more than one data integration 
project is currently in progress, 
while 13 percent said that one 
data integration project is under 
way. Only 2 percent said that 
their company had completed 
all data integration projects. 

A smaller number of respon- 
dents indicated that initial data 
integration projects would be 
starting soon: 5 percent said 
within six months, 4 percent said 
within 6 to 12 months, and 3 per- 
cent said more than a year in the 
future. However, 15 percent 
said that they have no plans for 
data integration projects at all. 

Top Deployed Databases. 
When respondents were asked 
which databases were in use at 
their company, the lion's share 
went to Microsoft, with 78 per- 
cent saying that SQL Server was 
deployed. It was followed close- 
ly by Oracle, at 55 percent, and 
surprisingly by MySQL, at 33 
percent. Next were IBM's DB2, 
at 22 percent; Sybase, at 15 per- 
cent; and PostgreSQL, at 8 per- 
cent. Readers were presented 
with a field of 14 major data- 
bases for this question. 

Database for Current Pro- 
ject. The same list of databases 
was used for a related question, 
which asked which specific data- 
base was used on the respon- 
dent's current or most recent 
project. The top rankings were 
similar, with Microsoft at the top 
with SQL Server, at 57 percent; 
followed by Oracle, at 39 per- 
cent; MySQL, at 16 percent; and 
DB2, at 11 percent. Post- 
greSQL, at 5 percent, however, 
edged out Sybase, at 4 percent, 
for the fifth position. 

Reasons for Choosing Spe- 
cific Databases. BZ Research 
asked respondents to identify the 
top factors, from a list of 25, that 
led to the choice of the database 
being used for their current 
or most recent project. The top 
factor, by a wide margin, was 
familiarity with the database, in- 
dicated by 58 percent of respon- 
dents. This was followed by 
the reputation of the database 
vendor, at 34 percent; lowest 
development costs, at 30 per- 
cent; lowest deployment costs, at 
30 percent; and high availabili- 
ty/reliability features of the data- 
base, at 24 percent. I 
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Grand Central Network 
Grows According to Script 



BY DAVID RUBINSTEIN 

The introduction of JavaScript to help 
orchestrate workflow highlights Grand 
Central Communications Inc.'s Business 
Services Network 4.2, released last 
month, as the company moves to secure 
its position as middleman for 
intercompany connectivity. 

The network is made up 
of a set of services that busi- 
nesses can use to connect, cre- 
ate and share business process- 
es, explained chief technology 
officer David Linthicum. But 
the Business Process Execution 
Language upon which the ser- 
vices are based is more of an 
orchestration language than a 
developer language, so Lin- 
thicum said JavaScript gives says Linthicum 
developers "a more granular 
control of services than BPEL allows." 

Grand Central serves as a repository 
for Web services, process engines and 
patterns, sold on a subscription basis, 
Linthicum said. Companies send Grand 
Central the WSDL files of their BPEL- 
compliant services, which then can be 
stored in a private space on the network 




JavaScript provides 
more granular con- 
trast of services, 



for sharing among a limited number of 
partners, or can be made public to the 
entire network, he added. "We're the 
guys who mediate the differences" 
between emerging standards and multi- 
ple SOA implementations, he said. 

The new release also sup- 
ports private networks by 
having the ability to be built 
into an existing infrastruc- 
ture. The directory the net- 
work provides is more robust 
than UDDI, Linthicum 
claimed, but it also supports 
UDDI in that it can be read 
and abstracted. 

Linthicum added that 

Grand Central's network has 

been certified under the AS2 

(Application Statement 2) 

specification, created as a 

joint partnership between the Uniform 

Code Council Inc. and testing services 

company Drummond Group Inc. for 

the transfer of data over the Internet. 

"People who want to send critical data 

can trust us to deliver it," he said. More 

than 30 companies have been similarly 

certified. I 



Forum's Firewall Tests 
For WS-I Compliance 



BY YVONNE L. LEE 

Forum Systems Inc., a company spe- 
cializing in Web services security, has 
added WS-I conformance testing to its 
XWall firewall software. 

Web services are open to denial- 
of-service (DoS) attacks as well as to 
those seeking to maliciously get data 
from a repository or even to bring 
down a site, according to Forum CEO 
Wes Swenson. 

"If you publish a Web service through 
an open port, you have just given me 
open access to the application and the 
database nomenclature," he said. 

In fact, posting a Web service's 
WSDL to a UDDI registry gives male- 
factors a way to gain documentation 
about how to run a program residing on 
a server, he said. Since WSDL docu- 
ments contain specific instructions about 
parameters, malicious users can play 
around with different parameter options 
to retrieve unauthorized information. 

For example, a service that offers 
stock quoting and trading services may 
advertise that it has a method to 
request a stock quote, but it might also 
have an unpublished method to trade 
that stock. A hacker looking at the 



WSDL might play around with poten- 
tial strings to execute such commands 
based on the listed method. 

According to Swenson, testing for 
WS-I Basic Profile interoperability 
compliance from the firewall rather 
than testing the applications them- 
selves makes better sense because that 
is where the interaction occurs. In 
addition, the XWall firewall can pre- 
vent unintentional DoS attacks that 
developers create by accidentally mak- 
ing infinite loops, Swenson said. 

XWall validates documents based on 
the rules of the XML and SOAP speci- 
fications, then validates the document 
based on its governing schema. 

Next it looks for policy violations, 
such as unexpected values in fields or 
oversized documents. 

A third layer identifies the entities 
that attempt to participate in a Web 
service and verifies through validation, 
masking and local caching of details 
that they are truly permitted to do so. 

XWall 3.0 is available immediately 
for US$2,500 per processor. 

The company also offers hardware 
versions as either a $5,000 PCI card or 
a $9,995 appliance. I 
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Microsoft Sketches Blueprint for Commerce Server 

2006 release promises integration with Visual Studio .NET and BizTalk 



BY JENNIFER DEJONG 

Microsoft Corp. offered a 
glimpse of Commerce Server 
2006 in May, sketching out how 



its technology for building 
Internet applications will work 
with BizTalk Server 2004 and 
with Visual Studio .NET. 



Commerce Server was a 
key component of Jupiter, 
Microsoft's earlier plan to bun- 
dle its commerce offering with 



BizTalk and Content Manage- 
ment Server. When the com- 
pany abandoned the Jupiter 
project in February, it said it 
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would continue to sell BizTalk 
and Content Management 
separately. Until now, Micro- 
soft had not articulated its 
plans for Commerce Server. 

"The lines where Com- 
merce Server begins and ends 
are beginning to blur," said 
Stacey Ellingson, a product 
manager with Microsoft's busi- 
ness process and integration 
division. 

100+ ADAPTERS AVAILABLE 

When 2006 replaces the cur- 
rent 2002 version, developers 
will be able to open and work 
on Commerce projects in Visu- 
al Studio, said Ellingson. They 
also will be able to make use of 
more than 100 adapters that 
automate the process of linking 
Commerce projects to data 
that resides in inventory man- 
agement and other back-end 
applications. 

The adapters will save devel- 
opers from having to write cus- 
tom code to connect to each 
system that an Internet applica- 
tion interacts with. But because 
the adapters plug into Micro- 
soft's integration server, BizTalk 
2004, Commerce Server devel- 
opers who want to take advan- 
tage of them must also use 
BizTalk. In the 2006 release, all 
connectivity will go through 
BizTalk, said Ellingson. 

Also promised for 2006 is 
SQL Reporting Services, a 
component of Microsoft's SQL 
Server database. Including it 
in Commerce Server simplifies 
the process of creating sophis- 
ticated reports on activities 
such as Web site traffic, said 
Ellingson. 

As it outlined plans for 
2006, Microsoft made available 
a feature pack for Commerce 
Server 2002 (www. microsoft 
.com/commerceserver). A pre- 
view of features promised for 
2006, feature pack 1 is 
designed to make it easy for 
users who lack programming 
skills to perform tasks such as 
adding products to an online 
catalog, according to the com- 
pany. It also allows business 
users to view changes made to 
a site before it goes live, and 
offers sequencing features that 
enable them to showcase Web 
site promotions by designating 
the order in which search 
results are displayed. I 
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Schwartz: Sun Will Open-Source Solaris 



say 
be 



< continued from page 1 

source license, nor did he 
what type license would 
used, stressing that those mat- 
ters were still to be determined. 

He did hint that Sun might 
make available as open source 
the forthcoming Looking Glass 
3D user interface being devel- 
oped by Sun's Advanced Tech- 
nology Group. 

Meanwhile, company spokes- 
people were prepared to confirm 
only that Schwartz made the 
statements and not to give details 
about Sun's open-source plans. 
"At this time, we are in the 
process of soliciting customer 
feedback in refining various 
aspects of the project and are 
not discussing additional infor- 
mation, such as launch timing, 
licensing models or other de- 
tails," said Sun spokesperson 
Jennifer Doettling. 

Another spokesperson, Lau- 
ra Ramsey, was more succinct: 
"We're still figuring out what our 
open-source strategy is." 

A DIVIDED SUN? 

Eric Raymond, an open-source 
luminary with whom Sun con- 
sulted about working with the 
Java community, said he has not 
been sought concerning an open- 
source Solaris. He suggested that 
the company may be divided 
about whether to offer the oper- 
ating system as open source. 

"My spies inform me that 
there's bitter factionalism going 
on over there," he said. "Every- 
body senses the boom lowering. 
What's happening is their lunch 
is getting eaten by cheap Linux." 

Sun would have had a 
better reception to open-source 
Solaris if it had released it 
before Linux became popular, 
said Jim Jagielski, executive vice 
president and secretary of the 
Apache Software Foundation. 
"Five years ago, you would have 
seen a big interest with it," he 
said, adding that if Sun said it 
was opening up Java, that would 
have had a bigger reception. 

"The real push in the com- 
munity has been, 'Why not 
open- source Java?' I don't think 
the Solaris community has been 
wanting them to open-source 
Solaris much." 

Sun has not contacted Apache 
about the project, he said. 

Schwartz said the Java Com- 
munity Process would be a mod- 
el for how it released Solaris. 

"You need only look to what 
we've done with Java to under- 



stand how Sun views incorpo- 
rating community feedback. 
Java could not exist if only Sun 
were supporting it," he said. 
"We need to now take the mod- 
el we've used with Java and 
bring it to Solaris." 



If Sun does release any part 
of the operating-system kernel 
to open source, it may run afoul 
of its business partner, The 
SCO Group Inc. Sun has pur- 
chased a license for Unix from 
SCO, and Solaris is a derivative 



of Unix, which SCO claims to 
own all rights to, apart from the 
trademark. 

"SCO is confident that Sun 
will be very rigorous in com- 
plying with our Unix System V 
license, as the company defines 



its plans for open source," said 
Marc Modersitzki, a SCO 
spokesperson. 

Another SCO spokesperson 
confirmed that SCO was not part 
of any Sun community effort to 
open-source Solaris. I 
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Eclipse Gets a New Look and Feel 

A platform for enterprise development, not just tools integration 



BY JENNIFER DEJONG 

Improving the look, feel and 
overall flexibility of the open- 
source framework, the Eclipse 
Foundation was expected to 
announce release 3.0 last month. 

The user interface has been 
substantially improved and sim- 
plified, said Mike Milinkovich, 
the former Oracle Corp. execu- 
tive who recently was named 
executive director of Eclipse. 
"As rich as Eclipse is, [earlier 
versions] were a little intimidat- 
ing at first blush." 

Developers can now cus- 
tomize toolbars and menus to 
display only those features they 
are using, said Milinkovich. Also 
new to 3.0, available at www 
.eclipse.org, is the ability to con- 
figure the framework based on 
roles and experience. 

A feature known as dynam- 
ic activation lets developers 
load and unload plug-ins with- 
out having to stop and restart 
the IDE. In previous versions, 
managing plug-ins in Eclipse 
was much like having to shut 



down Microsoft Word in order 
to use the dictionary, said 
Milinkovich. The new archi- 
tecture also will increase the 
number of plug-ins the open- 
source framework can accom- 
modate. "For versions 1.0 and 
2.0, we were thinking in terms 



of hundreds. With 3.0, it's 
thousands," he said. 

Other updates include sup- 
port for Swing-based user inter- 
faces. Because 3.0 lets develop- 
ers embed Swing widgets in 
SWT-based user interfaces, 
vendors who want developer 



plug-ins for Eclipse no longer 
have to reimplement things in 
SWT, said Milinkovich, refer- 
ring to IBM Corp.'s Standard 
Widget Toolkit used in Eclipse. 
Swing support is limited to Lin- 
ux and Windows, noted 
Milinkovich. I 




Eclipse can now accommodate thou- 
sands of plug-ins, says Milinkovich. 



BEA Shows Mobile Browser, Controls for Services 



BY YVONNE L. LEE 

Providing a solid picture for the 
company's Liquid Computing 
vision, BEA Systems Inc. chief 
architect Adam Bosworth 
demonstrated a browser de- 
signed to work effectively even 
when users are not connected to 
the Internet. 

Called the Alchemy Univer- 
sal Client Platform, the browser 
is meant to work on various 
devices and form factors, and to 
be optimized for service-orient- 
ed architectures. 

It uses JavaScript, SyncML 
and XHTML and what BEA 
refers to as "minor SOA exten- 



sions." It is still in its prototype 
phase, so the specifications are 
not firmly set. 

Nevertheless, Kumar Rama- 
chandran, development product 
manager at USF Corp., a freight 
company based in Chicago, said 
he had seen enough to be 
interested in working with the 
technology. 

"That was the best presen- 
tation [at BE As eWorld]," he 
said. "They were talking about 
an intelligent browser where 
you could be disconnected and 
still do all your work." The 
new browser would enable 
workers to browse and update 



information on the road. 

Although he characterized 
the overall Liquid Computing 
as "marketing hype," Rama- 
chandran said he could see 
immediate uses for the browser 
to build specialized applications 
that could be used on the road. 

BEA did not specify when it 
would release Alchemy, but 
said it plans to release it as 
open source. 

The company also released 
a free set of controls for its 
WebLogic Workshop devel- 
opment environment designed 
to make it easier to work with 
some existing Web services. 



The controls, called WebLogic 
Workshop Control Pack, 
enable developers to tap into 
the Web services capabilities 
of Amazon, eBay, Federal 
Express, Google, PayPal and 
UPS. BEA also is building an 
open-source area on its 
dev2dev Web site to host, pro- 
mote and collaborate on these 
controls, as well as an SOA 
Technology Center, which will 
include guidelines, patterns 
and white papers for building 
service-oriented architectures. 
The WebLogic Workshop Con- 
trol Pack and Technology Cen- 
ter are at dev2dev.bea.com. I 
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Stephen J. Mellor 

Stephen J. Mellor is an internationally recognized pioneer in creating effec- 
tive engineering approaches to software development. In 1985, he published 
the widely read Ward-Mellor trilogy Structured Development for Real-Time 
Systems; in 1988, the first books defining object-oriented analysis; and in 
2002 Executable UML: A Foundation for Model-Driven Architecture. His lat- 
est book, MDA Distilled: Principles of Model-Driven Architecture, was published in 2004. 
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Larry Constantine 

Larry Constantine is one of the pioneers of software design in usage-cen- 
tered design. Larry has published more than 150 articles and papers plus 
16 books, including the award-winning Software for Use (Addison- Wesley, 
1999), written with Lucy Lockwood; The Peopleware Papers (Prentice Hall, 
2001); and the software engineering classic, Structured Design (Prentice 



Hall, 1979), written with Ed Yourdon. 



j^pt Michael Barr 

Michael Barr, former Editor-in-Chief of Embedded Systems Programming 
magazine, is the founder and president of Netrino LLC. Michael has spent 
more than a decade developing embedded software, device drivers and 
JL system-level software. He has written two popular books, Programming 
I Embedded Systems in C and C++ (O'Reilly), and the Embedded Systems 
Dictionary (CMP Books) with Jack Ganssle. 



Silicon Valley Location! 

The Embedded Software Development 
Conference will be held at the DoubleTree 
Hotel, in the heart of Silicon Valley. The 
hotel is close to the San Jose International 
Airport, next to U.S. 101 and just a few 
blocks from 1-880. The hotel provides a 
complimentary airport shuttle as well as 
ample parking. Downtown San Jose 
is just minutes away. 
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H Robert C. Martin 

I Robert C. Martin is the founder of 
Object Mentor Inc., a training 
company specializing in process 
I improvement and object-oriented 
' software design. Former Editor- 
in-Chief of C++ Report, he is the author or co- 
author of six books, including, with James 
Newkirk, Extreme Programming in Practice 
(Addis on- Wesley), and UML for Java Programmers 
(Prentice Hall). Bob has published dozens of articles 
in various trade journals, and is a regular speaker at 
international conferences. 



n Karim Yaghmour 
Karim Yaghmour is President of Opersys Inc., a company that helps 
others build embedded Linux systems. Karim is a widely recognized 
f figure in the open-source community and the author of the most popular 
I book on Embedded Linux, according to Amazon.com: Building Embedded 
Linux Systems (O'Reilly). Karim is also the maintainer of the Linux Trace 
Toolkit, and has been selected as a Special Supporting Member to the CE Linux Forum. 
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, MORE UPGRADES , 




< continued from page 8 

cations . . . Jungo Software Technologies Inc. has released a version 
of its WinDriver PCI/USB driver development toolkit that works with 
Linux on PowerPC processors . . . Altova Inc. has updated its XML Spy 
development environment. Version 2004 Release 4, which came out 
in mid-May, adds context-sensitive text-entry fields, line numbering, 
XML-aware file differencing and merging, and new import/export with 
Access, DB2, MySQL Oracle and SQL Server . . . Urbancode Inc. has 
updated its Anthill Pro continuous build management server. Version 
2.2 includes improved links to different ver- 
sion control systems, the ability to use spe- nltj lf« c ^r 



ro 



cific JVMs for specific builds, and has a new 
scheduler that offers more flexible options for automated building. The 
new release also has new e-mail-based notification and reporting fea- 
tures . . . Accelerated Technology, a division of Mentor Graphics Corp., 
has released a version of its Nucleus real-time operating system for 
the ARM11 family of processors. Pricing begins at US$12,495 per seat; 
there are no royalties for deployment . . . Infragistics Inc. is now ship- 
ping NetVantage 2004 volume 2, its latest component suite for Win- 
dows Forms, ASP.NET, Tablet PC and COM applications. This release 
includes enhancements to the suite's WinSchedule, WinGrid, WebTab 
and WebCombo components . . . Avicode Inc. this month will ship 
Intercept Studio 2.0 for .NET, an update to its tools for real-time 
monitoring of deployed .NET applications. The tools monitor the call 

stack, object state and functional para- 
jrlrTtercept meters of ASP.NET applications and Web 

services, and allow developers to view 
details about faults within Visual Studio. This release can consolidate 
related events into a single view across multiple servers, and has new 
tools to correlate events . . . Segue Software Inc. has revised and 
renamed one of its performance management tools. The US$22,500 
SilkCentral Performance Manager 2.6, which is an update from the 
SilkVision 2.5 tool, can produce new reports on the business-integra- 
tion layer of complex applications. The company also introduced Silk- 
Central Test Manager. The $4,500 tool integrates with requirements 
management, test definition, scheduling and defect-tracking systems 
. . . Version 4.0 of the PolarLake Integration Suite, which the com- 
pany says will be available in July, will include an XML-based business 
process integrator that's compatible with the BPEL4WS specification. 
The server software from Dublin, Ireland-based PolarLake also will 
include new business activity monitoring and measurement tools 
. . . Jcorporate Ltd. is offering version 5.5 of 
Expresso, its application framework for Apache 
Jakarta Struts. The new release integrates with ver- 
sion 1.1 of Struts, and includes compatibility with the 
Java Standard Tag Library, in addition to a tag library developed by 
Jcorporate. Other improved features include a revamped DataObject 
API and other database enhancements, plus a security tool . . . Wind- 
ward Studios has updated its Windward Reports report generator of 
J2EE-based server applications. Version 2.1 now can run in a headless 
Java environment such as a Unix server; previously, it required a user 
interface for configuring fonts and text placement. It can also now 
natively generate PDF files without making external calls. 
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PEOPLE 



Sun Microsystems Inc. has named John Fowler as EVP for network sys- 
tems. Fowler had been CTO of the company's software organizations. 



, STANDARDS , 



The Unicode Consortium has updated its Common Locale Data 
Repository and Locale Data Markup Language specifications. 
CLDR 1.1, which provides a general XML format for exchanging 
locate-specific information, contains roughly 50 percent more data 
than the first release, and includes more translated terms for lan- 
guage, script, currencies and time zones. LDML 1.1, a related set of 
XML tags, adds new formats for month and day names, as well as 
POSIX compatibility fields. I 



Modeling the Microsoft Way 



will 
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ran. Because Class Designer is 
written to support the CLR, it 
will allow developers to model 
with much greater fidelity, com- 
pared with using tools based on 
UML, he said. 

But Class Designer 
assume the look and feel 
of UML's Class dia- 
gram, which uses boxes 
and arrows to represent 
class interfaces and 
the relationships among 
them. Sridharan also 
emphasized that VS 
2005 Team will support 
UML-based offerings 
from third-party ven- 
dors, as well as the company's 
current UML tool, Visio. "Our 
strategy is UML and more," 
Sridharan said. 

PLAYS WELL WITH OTHERS? 

Microsoft is anxious not to be 
perceived as abandoning UML, 
noted Patrick Hynds, Micro- 
soft's regional director for 
northern New England, and 
CTO of consulting firm Critical 
Sites, in Deny, N.H. "This is 
the decade of 'We play well 
with others.' " 

But Microsoft did not have to 
deviate from UML in order to 
achieve its modeling goals, said 
Jon Siegel, vice president of 
technology transfer at Object 
Management Group Inc., the 
nonprofit industry consortium 
that oversees the UML specifi- 
cation. Acknowledging that 
UML does not always map 
directly to the CLR, he said the 
industry would welcome Micro- 
soft and its partners to work with 
OMG to generate a UML profile 
that would tailor UML to 
the CLR. "These are trivial map- 




pings from UML," he said. 

Extending the UML specifi- 
cation to accommodate the 
CLR is a legitimate approach, 
acknowledged Billy Hollis, pres- 
ident of Elysian Consulting, in 
Nashville, Tenn., and Microsoft's 
regional director for that city. 



'We added many things 
to [UML] 2.0 without 
subtracting anything. 
We should have done 
a liposuction.' 

-Cris Kobryn, co-chair of 

OMG's Analysis & Design 

Platform Task Force 



But he said that while standards 
are critical for communications 
technologies, such as Web ser- 
vices, they are not as essential 
for modeling tools, typically 
shared among developers within 
the same company. 

FAT NEEDS TRIMMING 

UML's advocates also acknowl- 
edge its limitations. 

Although it is a powerful 
language, the current version, 
2.0, is gratuitously large, said 
Cris Kobryn, Telelogic AB's 
representative to the OMG and 
co-chair of that organization's 
Analysis & Design Platform 
Task Force. "We added many 
things to 2.0 without subtract- 
ing anything. We should have 
done a liposuction," he said, 
noting that 20 percent of UML 
does 80 percent of the work. 

Many of UML's diagrams 
are esoteric, added Microsoft's 
Sridharan. He said the compa- 
ny chose to develop its own ver- 
sion of UML's Class diagram 
because it is the most widely 
used of all UML diagrams. 



Microsoft also plans to create 
its own version of the Sequence 
diagram, which represents the 
flow of an application. But 
according to Sridharan, it will 
not be included in version 1 of 
VS 2005 Team System, 
promised for the first half of 
next year. 

When Microsoft de- 
livers Class Designer, 
the tool is expected to 
effectively synchronize 
the code with the under- 
lying model, a concept 
known among model- 
ing vendors as "round- 
trip engineering." Some 
UML-based tools al- 
ready have this capability, said 
Microsoft's Sridharan. 

While synchronization is an 
exciting possibility, it is notori- 
ously difficult to achieve, said 
Hollis. "The modeling tool has 
to anticipate every possible 
thing a developer could do to 
code." He said the preview of 
VS 2005 Team did not demon- 
strate Class Designer's synchro- 
nization feature, because it is 
not yet stable enough to gener- 
ate actual code. 

Kobryn said the biggest 
challenge in synchronizing the 
model with the code is main- 
taining the UML's ability to 
represent four different levels 
of abstraction: requirements, 
analysis, design and imple- 
mentation. "The benefit of 
modeling is its ability to switch 
gears. If a model is simply a 
visual rendition of code, you 
are only representing the mod- 
el at the implementation lev- 
el," he said. "We are moving 
toward an interesting phase, 
and it's healthy to have Micro- 
soft coming in."l 



SCO Says OSDL Validates Its Case 



< continued from page 1 

in April, stressed that SCO has 
a strong cash position of more 
than $48 million, which Young 
said "should be enough to fund 
the lawsuits for several years to 
come." Part of that cash comes 
from Baystar Capital's agree- 
ment to sell its preferred stock 
back to SCO for $13 million 
and repurchase approximately 
2.8 million shares of common 
stock for about $37 million, 
Young explained. 

Young said the company is 
classifying its legal fees as costs 



of revenue. For the second fis- 
cal quarter of 2004 ended April 
30, legal fees were $4.4 mil- 
lion, and he said the costs 
should remain the same for the 
third quarter. 

For the quarter, SCO 
reported revenue of $10.1 mil- 
lion and a net loss of $14.96 
million. For the first two quar- 
ters of 2004, the company post- 
ed a net loss of $17.2 million, or 
$1.23 per diluted share. 

McBride also detailed the 
company's product road map 
for the remainder of the year, 



saying the UnixWare 7.1.4 
operating system for Intel and 
AMD processors was to be 
released in June, as well as 
a small-footprint embedded 
Unix operating system. The 
company plans to introduce 
SCO Office Server 4.1 later 
this year that integrates with 
Microsoft Office applications, 
and in August will release an 
authentication server that al- 
lows users to establish single- 
user identity across a heteroge- 
neous Windows and Unix 
environment. I 
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Not even a fairy 
godmother could 

make these wishes 

come true 



But you can get all this and more 
from Green Hills Software 
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AMD: Fatter Chip Makes for Thinner Client 

New GX processor, reference design targets XP Embedded, local application execution 



BY EDWARD J. CORREIA 

The thin get thinner. 
Chip maker Advanced 
Micro Devices Inc. in 
June unveiled the Geode 
GX thin-client reference 
design kit, a hardware and 
software development tool 
set built around the Geode 
GX 533, the latest and most 
powerful in its x86 embedded 
processor family. The company 
also released the Alchemy 
DBAul550, an edition of its 
development board for building 
network devices that now 
implements VPN technology in 
hardware. 

According to Erik Salo, 
director of marketing for AMD's 
Personal Connectivity Solutions 
Group, having a faster, more 
powerful processor on board 
will permit developers to build 
more capable thin-client work- 
stations than previous designs. 
"For the first time, we're bring- 
ing full-featured CPUs to low- 
power and low-cost spaces. The 
board is targeted specifically at 
running [Windows] XP; the GX 
does a good job of it." Power 




AMD's new jr86 draws as 
little as 0.9 watts. 

consumption of the new GX 
processors ranges from 0.9 to 
1.1 watts, while conventional PC 
processors start at about 30 
watts, he said. 

The US$7,500 kit, which be- 
gan shipping in May, includes a 
4.7 x 5.3-inch board with GX 
chip at 333, 366 or 400MHz, 
case and power supply, inte- 
grated 2D accelerated graphics 
supporting up to 1,600 x 1,200 x 
16-bit or 1,280 x 1,024 x 24-bit, 
three 8-bit digital-to-analog 
converters, 3D Now and MMX 
instruction sets and a daughter- 
card connector for I/O options. 
Software includes development 
versions of Linux, and Windows 



CE and XP Embedded, and 
demonstration images that 
run local versions of 
Microsoft and Cit- 
rix Windows- 
based termi- 
nal clients (RDP 
and ICA), Java, 
Flash, HTML and 
multimedia content. 
Salo said thin clients 
are commonly used for 
deployment of data-entry, cus- 
tomer-service, call-center and 
other so-called heads-down 
apps. "The thin client is perfect 
for a centralized application 



that many people need to run" 
and are far less expensive to 
maintain than conventional 
PCs, he said. "It's difficult to 
mess them up, and they don't 
have hard disks that fill up" or 
are affected by viruses or user 
error. The board also can be 
useful in blade PCs, kiosks and 
point-of-sale and educational 
terminals. 

SECURE CHEMISTRY 

An alliance with security devel- 
oper SafeNet has resulted in 
the Alchemy DBAul550, the 
newest member of AMD's 



development kit series that now 
provides IPsec and SSL securi- 
ty in hardware for building 
gateways, network- attached 
storage, wireless access points 
and other networking devices. 

Available now for Linux, 
VxWorks and Windows CE, the 
$1,995 board accelerates VPN 
packet processing with unlimit- 
ed simultaneous tunnels, im- 
plements DES, 3DES, AES, 
ARC-4, SHA-1 and MD5 secu- 
rity protocols, provides a True 
Random Number Generator 
and supports DDR or SDRAM 
memory. I 



Symbian Signed Program Draws Criticism 



BY EDWARD J. CORREIA 

When mobile operating system 
consortium Symbian Ltd. 
launched Symbian Signed, a pro- 
gram under which developers 
submit applications to a third- 
party tester to validate they are 
free of malicious behavior and 
content, the program immedi- 
ately was criticized by technolo- 
gy analyst Gartner Inc. as pan- 



dering to network operators. 

"This is not even in the best 
interests of Symbian," said Nick 
Jones, a Gartner vice president, 
who called the program weak 
and focused more on applica- 
tion publishers and less on 
users. "The test criteria are 
absolutely minimal, they don't 
say the application has to work, 
and there are no standards of 



Mocana Tiptoes Into Embedded Security 

Claims small-footprint SSH/SSL tools simplify remote-device lockdown 



BY EDWARD J. CORREIA 

Claiming to address a critical 
need for simple security for 
embedded devices, distributed- 
system security developer Mo- 
cana Corp. in mid- June released 
Embedded Security Suite, a 
small-footprint SSH/SSL solu- 
tion that it claims can drop into 
any existing device in hours, 
rather than the weeks it says are 
required of competitive solu- 
tions, and requires no knowledge 
of security protocols. 

"We've had our heads down 
working on this for the past two 
years," said Mocana CEO Adrian 
Turner, whose Silicon Valley 
company was founded in 2002 
and until now was selling parts of 
the suite directly to networking 
and communications hardware 
makers. He credits the product's 
simplicity to its abstraction layers 
and API. "We've spent a lot of 
time making sure a developer 
doesn't need to understand secu- 
rity to be able to use it," he said. 

The solution is intended for 
resource-constrained devices 
such as those in networking and 
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Mocana claims that its solution can drop onto any device, regardless of operating system. 



for industrial automation and 
control. "This market has been 
underserved and unable to 
deliver an easy-to-use high-per- 
formance security solution," he 
said. "Application code does 
not have to change to use this." 
Another key differentiator, 
Turner said, is footprint size. 
Competitive open-source secu- 
rity projects OpenSSL and 
OpenSSH require about 1MB 
of device memory, he said. 
"They were not designed for 
embedded systems, so there 
was no thought given to code 



optimization or the ability to 
turn features on and off." 

The suite consists of three 
modules, which start at 
US$6,500 each: SSH Server, for 
command-line access to a 
remote device through a Secure 
Shell connection; SSL/TLS 
Server, for browser-based con- 
nections via Secure Sockets 
Layer or Transport Layer Secu- 
rity; and SSL/TLS Client, 
which permits a device to 
access back-end servers or oth- 
er devices peer-to-peer. 

SSH Server uses about 



70KB of device memory, Turn- 
er said, and the latter two about 
50KB each or 65KB together; 
all three use about 110KB. 
They are royalty-free and 
include source code. Encryp- 
tion protocols are modular, to 
allow others to be swapped in, 
Turner said. Embedded Security 
Suite, which works with any 
RTOS, became generally avail- 
able on June 14. Developers can 
download fully functional bina- 
ries with sample code for 30-day 
evaluation at www.mocana.com 
7evaluate.html. I 



usability," he added. 

Defending the program was 
Matt Volpi, head of developer 
resources marketing at Nokia 
Inc., which will own a majority 
stake in Symbian pending 
consortium approval. "People 
should know exactly who created 
[an app], that it hasn't been 
altered and will not crash 
your phone or delete your data," 
said Volpi. The program (www 
.symbiansigned.com) costs €560 
for an app's first submission, and 
€280 subsequently. Also re- 
quired is an ACS Publisher ID 
from VeriSign (US$350). 

Jones also disparaged the 
self-certification policy, under 
which approved developers 
can test their own applications. 
"There's no guarantee that the 
process is unbiased." 

"Down the road, people 
publishing a lot of content could 
become recognized as self-sign- 
ers," countered Volpi; for now 
consultancy Capgemini Group 
handles all signing. 

Also of concern to Jones is 
Symbian's one-stop signing, 
which replaces initiatives of oper- 
ators and handset vendors, creat- 
ing a potential point of control for 
network operators. "They might 
say, 'You have to be a Symbian 
Signed application or we won't 
let you install on our handset.' 
This could be bad for an enter- 
prise that wants to install a busi- 
ness application." 

But according to Volpi, this 
could actually benefit the enter- 
prise. "If I'm deploying an appli- 
cation within my enterprise, I 
want to make sure that what peo- 
ple are getting is really coming 
from our IT department." I 
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Analysis Tools Aren't Static 

New breed of products can help developers write more efficient and 
compliant code, but how will they affect the way your business works? 



BY ESTHER SCHINDLER 



Y 



oii've just had a whole new bundle 
of technology dropped in your lap. 
At Microsoft Corp. s Tech-Ed 
conference in May, CEO Steve 
Ballmer demonstrated new code 
analysis functionality that's promised for 
the next version of Visual Studio. Sud- 
denly, these tools are in the limelight; 
your CEO, even if you're not a Windows 
shop, is asking about the subject. While 
code analyzers have been around since 
the dawn of computing — starting, per- 
haps, with the venerable lint, which 
checked C code for compliance with 
team standards and tested applications 
for known weaknesses — today's tools 
promise more. A lot more. 

But there's more to static code analysis 
than technology and products. What are 
the side effects of deploying code analysis 
tools, and will all of them be positive? 

Todd Green, vice president of sales 
and marketing at Lexient Corp., which 
sells a code analyzer called Surveyor, cit- 
ed a customer whose business process 
changed, positively, because of the way 
the tool is used. Lexient's customer (who 
asked not to be identified) is a software 
consultant who often bids on consulting 
engagements. Usually, he has to do so 
without access to the application source 
code he'll be working on during the bid 
process. As a result, his consultant bid 
was high, because he had to do a full code 
review as the first phase of any project he 
won; plus, because he had to assume the 
worst, he built in a lot of "float." 

According to Green, the consultant 
could require that Surveyor be run 
against all code to be modified. While 
the consultant still cannot see the source 
code before he's won the bid, he can 
read the code map and metrics generat- 
ed, and therefore be able to understand 
the situation on the ground. "Now he 
can see what kind of rat's nest he's get- 
ting into," says Green. The result? The 
consultant can make a more accurate 
(and often lower) bid, without the risk of 
committing to a project that'll cause him 
to lose money. Everybody wins. 

Not all of the effects are so heart- 
warming, however. Consider that a 
spell-checker will not flag the incorrect 
use of homonyms within your favorite 
word processor, such as to, too and two, 
or correctly spelled typos, and an ill- 





informed writer won't know the differ- 
ence. Analogous situations can occur 
with static analyzers. What software 
development errors are made in the 
guise of over- reliance on the tools? 

THE USUAL SUSPECTS 

When vendors promote the benefits for 
using code analysis tools, the buttons 
they push hardest are the savings in 
development time and the ability to find 
flaws earlier in the development 
process — not to mention the money 
you'll undoubtedly save as a result, 
which is almost more, they say, than the 
price of their software. 

When the products deliver on their 
promises, their technology-centric bene- 
fits certainly affect the application cre- 
ation process, simply because they let 
programmers get their work done faster, 
easier and with more confidence in code 
quality. That's nothing to sneer at. "Mod- 
ern tools have made me more produc- 
tive and less error-prone, and it's a good 



thing, since the size and complexity of 
what I work with has increased drastical- 
ly," explained Al B aimer, principal of 
Balmer Consulting, a small company in 
Burlington, N.C. 

That opinion is shared by David 
LaRue, senior software engineer at Tel- 
tronics Inc., in Sarasota, Fla. LaRue, 
who writes embedded software and 
applications for communications prod- 
ucts, said, "Code analysis tools have 
helped me ensure that the code paths 
get tested, stressed and documented. 
The general use of many of these tools 
has helped me find flaws earlier in the 
development process." 

Lax Sakalkale, senior product manag- 
er of Borland Software Corp.'s Opti- 
mizeit product line, called these tools 
"developer hygiene." They help a pro- 
grammer find the code weaknesses 
before someone in the real world does. 
"The tools you use make you smarter in 
using your time," he pointed out. 

Often, code analysis tools are most 



appreciated when developers have code 
thrown at them and are expected to get 
up to speed on it quickly. That's most 
common in situations where the develop- 
ers are unfamiliar with the programming 
language or the methodology used in the 
inherited code. Lexient's Green described 
a customer whose development organiza- 
tion got "a herd of new developers," 
draining a couple of local colleges for the 
space of the summer. It had the challenge 
of getting the team of college kids up to 
speed for a three-month project. How 
else could you do it, he said, except with 
an analysis tool? 

But rapid technology adoption is far 
from the only situation in which these 
tools are put to use. Gradually, code 
analysis tools are being adopted as part 
of the code acceptance process. That's 
especially true among enterprises that 
are offshoring some of their software 
development, said Borland's Sakalkale. 
In the process of subscribing to an out- 
► continued on page 28 
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sourcing firm, he said, a large telecom 
customer required the firm to use Opti- 
mizeit on all the code written. "It goes 
into the contract," he said. Oddly, he 
noted, this contractual requirement is 
much more common with outsourced 
development than with in-house pro- 
gramming projects, over which manage- 
ment presumably has more control, 
though that's beginning to change. 

In addition to the special needs of 
consultants and outsourcing firms, code 
analysis tools are often used in the 
process of buying a new software product 
or acquiring a company. According to 
Chris Wysopal, vice president of research 
and development for security company 
AtStake Inc., it's common for a company 
to ask for an application to be scanned 
before buying it. "People won't put secu- 
rity into their products unless someone 
asked them to do it," he said. 

NEW MEANINGS FOR METRICS 

One of the technology benefits from all 
those code analysis tools is the ability to 
generate reports with all sorts of useful 
numbers. When used well, the metrics 
can lead to process changes that help a 
team work more efficiently. When used 
poorly. . .we'll get to those in a minute. 
Code metrics can be a godsend for 



programmer code reviews. 
The staff is able to look at 
dispassionate numbers and 
generated lists of priori- 
tized problems, so they 
don't have to argue about 
the seriousness of a per- 
ceived weakness in one 
programmer's code. Plus, 
code metrics can add new 
dimensions to the human 
analysis, such as the ability 
to examine the history of an 
application's complexity. 

"If [a] function has been 
that complex for a year, 
that's OK," said Jason 
Cohen, CEO of Smart Bear 
LLC, which publishes 
CodeHistorian, a code analyzer for 
.NET. "But [if] it's increased tenfold [in 
complexity] in a year, that's something 
else. This lets you catch the sloppy code 
early, before it's a problem." 

On the other hand, metrics permit 
management to require conformance — 
which may or may not always be a wise 
idea. If your goal is to ensure that all appli- 
cations are adequately documented 
(when they're written, not after the fact), 
some tools can set rules that require every 
line of code to have a comment. Are most 
of those wasted? Certainly. But one Smart 




Analysis tools are valuable 
when developers need to get 
up to speed on code quickly, 
says Lexient's Green. 



finding 



Bear customer, according 
to Cohen, insists on such a 
policy because the cus- 
tomer feels it's one way to 
ensure that the code has 
some chance of being well 
documented. 

And then there are 
salary reviews. When you 
give a programmer the 
annual salary review, should 
code metrics be an expect- 
ed part of the process? Will 
you say, "Julie, your design 
skills are great, but accord- 
ing to our analysis tools, you 
don't write as many com- 
ments as your teammates, 
and the security tools keep 
problems with your code. You 
have to work on this"? Should you? 

The issue of conformance to mea- 
sured expectations is one that some 
developers may find uncomfortable (or at 
least impersonal). In most development 
teams, the lead developers have consis- 
tently "better" numbers than do junior 
programmers. As a result, explained 
Cohen, some managers decide that, by 
requiring the entire programming staff to 
comply with the set of numbers estab- 
lished by the coding stars, they'll force 
the junior programmers to grow into lead 



level developers. And maybe it's so. 

However, the larger effect from using 
these tools may have less to do with any 
report or metric generated than with the 
fact that someone is looking. Even the 
threat of a code review, said Cohen, makes 
people write better code. When program- 
mers know that someone else will careful- 
ly examine their work, they'll put more 
effort into making sure it's worth showing 
off. The social pressure, he said, is more 
important than the review or any code 
analysis tools used in conjunction with it. 

THE DARK SIDE OF CODE ANALYSIS 

It isn't all pretty. The biggest problem in 
using these tools, say developers (and 
even vendors), is that some people use 
the tools to replace thinking rather than 
improve it. They hyper-react, or substi- 
tute data for knowledge. 

Teltronics' LaRue believes it's a mat- 
ter of attitude. Some developers love to 
use the tool of the day. "They feel better, 
since the tool enables them to do work 
they otherwise might take longer doing 
or not accomplish at all. Consequently, 
when they 'talk about their work,' it's in 
terms of steps taken to make the tool do 
what it's supposed to help them do.... 
The so-called professional is using the 
tool as a crutch," he said. 

Developer Randy Howard decried 

the tendency of people to believe a tool 

instead of their technical knowledge (if 

► continued on page 30 
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they even acquire that), and gave an 
example that irks him: "Those that trust 
Microsoft Word... when it tries to tell 
them that Fibre Channel is supposed to 
be Fiber Channel. Even people that 
work in the storage field will gladly 
believe Microsoft Word over the indus- 
try standards body. Google for fiber 



channel: 122,000 hits. Google for fibre 
channel: 1,240,000 hits." 

Plus, of course, none of the tools 
themselves are perfect. The vendors are 
attempting to improve their products, of 
course, but experienced developers know 
not to put all their trust in the tools. Inde- 
pendent developer Edward Nilges point- 
ed out just one spot of worry: "The trans- 



WE DON'T NEED NO STINKIN' TOOLS 



One not-so-obvious side effect of 
deploying code analysis tools among 
your development staff is the resent- 
ment and unwillingness on the part of 
some programmers to put them to work. 
A small but vocal percentage of pro- 
grammers are dubious about the value 
of code analysis tools. If you're commit- 
ted to reguiring that the team use such 
tools— and it's obvious that this is 
an everybody-or-nobody process— it's 
important to understand the people who 
really don't want to use the tools. 

Some developers, such as indepen- 
dent computer consultant Bill Mothers- 
head, believe that the tools are inher- 
ently unable to solve the problems 
thrown at them. "If the code is so bad 
that I can't understand it, then looking at 
the very nicely formatted reports from a 
'code analysis' program won't help 



much. The analogy is: If a raving lunatic 
wrote a document in Russian, and I ran a 
program to translate it into English...! 
might be able to read it but still might 
not be able to understand it," he said. 

Or, your developers may be con- 
cerned that the tool's adoption will pro- 
hibit the team from making good deci- 
sions, especially if the tool is incapable 
of managing the project's complexity. 
"Because these tools are spun as replac- 
ing the need for thought, because it is 
said that once the tool is acguired, we 
can now stop thinking, [then] thinking 
stops and the tool becomes responsible 
for ignored bugs created by the tool 
itself," said independent developer 
Edward Nilges. "What is necessary are 
no more 'tools,' and more reusable 
objects. I'll build my own tools, thank you 
very much." 



lation of source code to another language 
is always fraught with danger. If a or b is 
transliterated from Pascal or Visual Basic 
to C or Javascript a II b. If b is actually a 
call on a complex method, b will not be 
evaluated in C or Javascript when a is 
true, while in the legacy code it will be 
evaluated. The end user may have con- 
sciously or unconsciously relied on this 



Others see any sort of analysis tool 
as an indication that only the metrics 
will be examined. Phil Mattison, presi- 
dent of Chandler, Ariz.-based Ohmikron 
Corp., said he's never seen the point in 
such tools. "If you start treating pro- 
grammers like factory workers," he said, 
"it should be no surprise if they start 
acting like factory workers, or leave for a 
better job." 

You probably don't intend to use code 
analysis tools as a way to become Big 
Brother, or to use the tools as a replace- 
ment for human analysis. However, 
these developers' opinions make it clear 
that an important part of your deploy- 
ment process must be devoted to cali- 
brating expectations and making it clear 
how the code analysis results will— and 
won't— be used. 

-Esther Schindler 



fact." You simply can't rely on the tools to 
do the work for you — but plenty of peo- 
ple do so nonetheless. 

Another issue is using the right tool at 
the right point in the development 
process. "You have to apply the right tools 
at the right places," advised Steve Orrin, 
CTO of Sanctum Inc., whose tools scan 
source code for potential security flaws. 
"You don't know where to put the budget 
until you see the process." For example, 
the right time to use a security tool is not 
the night before you launch the Web site. 
What will you do if you find a problem? 
That can be more than a technical issue. 

With security tools in particular — 
using the analysis tools can create poten- 
tial legal liability for your company, 
added AtStake's Wysopal, whose compa- 
ny makes a competing security analyzer. 
If you do a last- minute health check on 
the application, you'll find out if you 
have an issue to resolve. When there's a 
tool that can do something about it, you 
now may be exposed to legal risk, per- 
haps for willful negligence, if you choose 
not to resolve the issue, and if a security 
flaw is later found in your application. 

Even when you use the right tool, you 
must use it at the right time — and use 
human analysis. A code "spell-check" can 
help you pinpoint structural problems, 
said Borland's Sakalkale, "but it won't tell 
you if it's the most efficient at design 
time. It'll tell you at code time, but that's 
too late." I 
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EDITORIALS 

Better Late Than Never 

The worlds of open-source and closed-source software 
continue their uneasy dance, as statements by the 
Open Source Development Labs, The SCO Group Inc. 
and Sun Microsystems Inc. serve only to confuse an 
already puzzling issue. 

In late May, OSDL adopted a new kernel process 
designed to more accurately track the source of submis- 
sions to the project. OSDL became the de facto leader of 
the Linux movement due to the involvement of Linus 
Torvalds and Andrew Morton, and has assumed responsi- 
bility for managing the Linux source repository and offi- 
cial kernel releases. 

According to OSDLs statements, the motivation for the 
new procedure is to ensure that contributors receive the 
proper credit for their work. However, its reasonable to see 
this change as a reaction to criticism that its difficult to trace 
the origin of Linux source code. Without accountability, its 
hard to ensure that contributors aren't polluting the project 
with copyrighted code. Certainly, you're less likely to take 
liberties with someone else's intellectual property if your 
name is permanently linked to your actions. 

SCO was quick to claim that OSDLs new Developer's 
Certificate of Origin (DCO) procedure was an "admission 
of errors" by the Linux community, to quote CEO Darl 
McBride. While many of SCO's recent actions and reac- 
tions have been overly inflammatory, McBride may have 
a point — the precipitous move looks bad. Let us hope that 
it doesn't provide SCO with additional legal ammunition. 

Despite the poor timing, OSDLs new DCO procedure 
is the right thing to do, and we encourage other commu- 
nity-managed open-source projects, particularly those 
that have the potential for the accidental or intentional 
inclusion of proprietary IP, to adopt a similar procedure. 
While even this new process can't guarantee that mistakes 
will not be made, it does offer more accountability for 
projects and individual contributors, and would go far 
toward showing that a project is making an honest effort 
to keep its source code clean. 

Community Solaris? 

What to make of Sun's latest open-source bombshell? 
At a conference in Shanghai, Sun's new president, 
Jonathan Schwartz, said that his company would deliver 
an open-source version of Solaris. What does this mean? 
How does this square with Sun's licensing of core portions 
of Solaris as part of its long-ago Unix deal with AT&T? 

Sun isn't elaborating on Schwartz's comments; company 
spokespeople seemed to have been caught by surprise by 
this announcement. Certainly an open-source Solaris 
would muddy the waters, creating new confusion between 
users of Solaris and those using BSD and Linux. It would 
potentially leave Microsoft as the only major purveyor of 
closed-source operating systems. Any intention to release 
Solaris as open source would also further complicate mat- 
ters with the Java community, particularly with key part- 
ners such as IBM and others, which have called for Java 
itself to be released as open-source software. 

Schwartz said that it's not "if, but when." Given that 
his own company was apparently surprised by his com- 
ments, the question really is, "What are you talking 
about, Jonathan?" I 



BEAting a Path to Nowhere? 



In late May I attended eWorld, 
BE As annual shindig in which 
it rallies the troops, announces 
new products and explains strat- 
egy. BE A has always been good 
at presenting these shows. 
Numerous technical sessions 
demonstrated the company's 
deep understanding of enter- 
prise applications and running 
them on Java platforms. No 
doubt about it — BE A has the 
technical chops. 

What the company appar- 
ently lacks, however, is a busi- 
ness strategy that points to 
growth and shows how the 
company will hold off IBM on 
the high end and the growing 
open-source competitors on 
the low end. For analysts like 
me, this was what we hoped to 
learn at eWorld. BEA cus- 
tomers who might be anticipat- 



ing future app-server purchas- 
es were similarly looking for 
reasons to believe. 

In my opinion, eWorld 
failed to deliver. The compa- 
ny's announcements were just 
a repackaging of known BEA 
technologies. Let's 
look at this more 
closely. Five years 
ago, BEA was soar- 
ing. It owned the 
Java app-server mar- 
ket. IBM was far 
behind it — more 
challenged by Sun 
than by BEA. Then 
what happened? 

Within a few 
years, IBM overtook 
BEA because of two crucial fac- 
tors: IBM had a much better 
entry to its customers (what 
with selling hardware of all 



Integration Watch 




stripes, a market-leading data- 
base, and the 800 lb. gorilla in 
the middleware space), and 
more important, IBM realized 
that an app server is not a tech- 
nical sell. BEA, in contrast, 
continued to view its product as 
a technical pure play 
that had to appeal to 
developers. So, when 
IBM started chewing 
up BEA's lead, BEA 
responded with ini- 
tiatives and technolo- 
gies that targeted 
developers rather 
than its real cus- 
tomers, IT and devel- 
opment managers. 
This mispercep- 
tion led to a series of products 
and releases that have gone 
nowhere: BEA's Web Logic 
Workshop and the dev2dev ini- 
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SKILLS MADNESS 

I wholeheartedly agree with 
Allen Holub's argument that 
companies are taking the wrong 
approach when looking for 
above-average programmers 
["When Hiring, Smarts Beat 
Skill Lists," June 1, page 37, or at 
www. s dtime s . com/cols/j avawatch 
_103.htm]. This shortsighted 
attitude is not limited only to 
development, but is rather 
an epidemic that began the 
instant the economy went sour 
and has spread throughout the 
entire IS industry. 

Many of these companies 
have an "all you can eat" or 
"buffet" mindset. I am an 
unemployed (no surprise!) Sr. 
Technical Support Engineer/Jr. 
DBA, and the list of required 
skills that I have been confront- 
ed with would make any reason- 
able person's head spin. Even 
when applying for low- or 
entry-level jobs, I am often re- 
quired to be an expert in about 
10 to 15 different skills. 

In this very tight job market, 
I must be a senior programmer, 
OS administrator and DBA all in 
one to even be considered. To 
make things worse, I must navi- 
gate around HR departments, 
which I believe are nothing 
more than huge, ill-informed, 
bureaucratic obstacles in an 
already daunting hiring process. 

Unfortunately, managers 



these days need them to weed 
through the thousands of re- 
sumes received for each avail- 
able job. I share your concerns 
for the future of this industry, 
but in this "How can we get the 
most for the least in the short- 
est amount of time?" business 
environment, I don't see this 
trend changing anytime soon. 
KT Renaud 

This is wonderful. Very rarely 
does the interview look into 
these parameters as the author 
has suggested. But to make a 
good design decision, one 
should have at least exposure to 
all the technologies so that he 
may be able to appreciate 
the various technologies and 
make a sound design decision. 

Nimesh Jain 

HP India Software 

Operations 

Good to-the-point column. I 
only wish my company would be 
open to suggestion and take this 
advice to heart. The philosophy 
at my company is to continually 
hire inexperienced programmers 
fresh out of college and immedi- 
ately start them coding on our 
most critical applications. 

The experienced program- 
mers are then brought in at the 
end of an iteration to perform 
clean-up work. Most of our ana- 
lysts are from the waterfall 



school of design, which has 
been proven time and time 
again to fail. 

I actually have one analyst 
complain continually about 
OOA/D and our Gang of Four 
"gibberish." They just can't 
seem to figure out why there 
are so many bugs in the produc- 
tion code and the maintenance 
costs are so high. Sadly enough, 
I am betting most companies 
are in the same boat. 

Edward L Singleton 

Senior Programmer 

Shelter Insurance 

Companies 

I just forwarded this article to 
my HR manager, vice president 
and manager. 

I really liked the part in which 
Allen Holub mentions how one 
should look at the design, coding 
and architecture concepts dur- 
ing interviews. Some of the 
points mentioned here are the 
same I have been trying to get 
our company to practice. This is 
a very technical approach to 
interviewing a technical person. 

Prashanth Kumar 

FEATURES COST 

I just wanted to say thank you 
for two very good articles on 
outsourcing and programming. 
I was especially attracted to 
Allen Holub's column, "When 
Hiring, Smarts Beat Skill Lists." 
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tiative. Web Logic Workshop, 
which I wrote about in the Oct. 
1, 2002, issue, was originally 
packaged as a Web services 
product, not a Java develop- 
ment tool. It has now been 
expanded and repositioned as 
"a full-featured Java develop- 
ment environment." It's a great 
product, but who wants to be 
competing against Eclipse? 
Note how Borland's JBuilder 
and Sun's NetBeans are faring 
in that competition. 

dev2dev was another attempt 
to appeal to individual develop- 
ers. The idea, presumably, is that 
if developers see how much sup- 
port they can get from BE A for 
their projects, they will push 
their companies to buy its Java 
server. Most developers know 
that such a goal has a rather 
unrealistic aspect to it. Worse 
yet, dev2dev is nothing close to 
the real heavyweight of ven- 
dor-sponsored Web sites, the 
much admired developerWorks 
from. . .dang!. ..IBM. 



BEA has yet to recognize 
that WebLogic's success arose 
because the product provided 
an enterprise-scale solution at 
a time when no one else 
offered one. It had nothing to 
do with the desires of individ- 
ual developers. 

Indeed, developers are not a 
good audience for building large, 
successful companies. In the 
past 25 years, only Borland and 
Rational have had any success 
pursuing this strategy, and nei- 
ther one has known great finan- 
cial success because of it. The 
problem with selling to technol- 
ogists is that you can't really 
leverage what you're selling. 
How do you leverage an app- 
server sale? Sell services? OK, so 
you show the customer how to 
install, configure and run the 
package. Then what? 

Contrast this to IBM's 
approach. It goes to a site to 
solve a specific problem. It sells 
the site hardware, a Java server, 
middleware, a database, content 



management and security tools. 
It bundles them into a solution 
and then sells services that use 
the technologies to tailor a spe- 
cific deliverable. Then it pro- 
vides ongoing support for all the 
IT areas its technology touches, 
even hosting certain applica- 
tions, if necessary. Which busi- 
ness model looks more appeal- 
ing to you, as a development 
manager? 

So, I was hoping that BEA 
would announce, let us say, that 
it was now going to start provid- 
ing IT services for Java shops. It 
would do integration work with 
any and all database vendors, 
and it would tie BEA into your 
Web site and provide you with 
all the software and skills you 
need to do massive transac- 
tional work on e-commerce 
sites. In addition, its new secu- 
rity tool knows how to bolt 
down your site and make sure 
nothing gets to the app server 
that shouldn't be there. One 
of these panoramic scenarios 



would show me that the compa- 
ny understands enterprise-level 
IT and intends to be a major 
solutions provider there. 

Instead, we heard about 
Liquid Data, the company's 
newest product initiative aimed 
at service-oriented architecture 
(SOA). Now, I admit SOA is one 
of the best architectures ever to 
come down the pike. The prob- 
lem is it will appear in IT shops 
on a purely incremental basis. 
No one is tearing out his infra- 
structure to replace it with 
SOA. Notice the size of all the 
Web services vendors today 
(Actional, Cape Clear and the 
like.) They're specks. This is 
BE As new target? I expect con- 
tinued disappointing earnings 
from BEA until the company 
understands that solutions 
rather than technologies are 
what its customers want. I 

Andrew Binstock is the princi- 
pal analyst at Pacific Data 
Works LLC. 



My question was, has any- 
one done a study on the "laun- 
dry lists" effects on costs? 

To me it just makes logical 
sense that if someone wanted to 
be a software developer but had 
to know what Allen mentioned: 
"Linux, Unix and Windows sys- 
tem administration, in-depth 
knowledge of Oracle, SQL 
Server and Sybase, mastery of 
C++, Java and Visual basic, and 
an in-depth understanding of 
WebSphere, Apache/Tomcat 
and Web Logic," then that 
someone is going to want 
$150,000 a year whether they 
live in the poorest parts of the 
nation or Silicon Valley. 

To claim this knowledge is 
one thing, but what about 
those programmers who fear 
not being able to get a job and 
are trying to get it? How many 
years would it take? 

The special report titled 
"Enterprise Databases: Mission- 
Critical Commodities" [June 1, 
page 27, or at www.sdtimes 
.com/news/103/speciall.htm] 
provides a great analogy. Every 
additional feature you want costs 
more. Should it not be the same 
with hiring someone? 

Would costs go down if com- 
panies hired what they needed? 

David W. Steyer 

TOO MUCH AT STAKE 

I completely agree with Allen 
Holub's assertion that IBM has 
invested too much in Java and 
they won't let Java die ["You've 
Gotta Have Faith," May 15, 



page 33, or at www.sdtimes 
.com/cols/javawatch_102.htm]. 
But what makes Mr. Holub 
think that IBM would buy Sun 
instead of creating its own ver- 
sion of Java (with another 
name, of course)? 
Alex Ruiz 

Software Developer 
Becker & Poliakoff, P.A. 

MAKING IT CLEAR 

I read the complete article on 
Vx Works 6.0 on your site 
["Wind River's VxWorks 6 
Adopts Process Model," March 
1, page 25, or at www.sdtimes 
.com/news/097/embl .htm] . 

I have read much of the 
material on this matter, but nev- 
er was the picture so clear. 

Thank you. 

Utsah Mehra 

CORRECTION 

AutomatedQA Corp. has re- 
leased version 4 of its AQtime 
performance profiler, which 
combines its Win32 and .NET 
versions into one product. The 
version number was incorrect 
in a news brief in the May 15 
edition. 



WHAT DO YOU THINK? 

Letters to SD Times should include 
the writer's name, company affilia- 
tion and contact information. Letters 
become the property of BZ Media 
and may be edited. Send to feed- 
back@bzmedia.com, or fax to +1-516- 
922-1822. Please mark all correspon- 
dence as Letters to the Editor. 



How Many Times TA WATCH 
Has Your Network Been 
Attacked in the Past Year? 

Almost two-thirds of developers said their company's net- 
works or Internet sites were attacked at least once in the 
past year, and nearly two in five said their sites had been hit 
as many as five times despite efforts to fortify them, accord- 
ing to Evans Data Corp.'s North American Development Sur- 
vey, Spring 2004. 

In addition, the study showed that more than 12 percent of 
the 502 developers responding to the survey said their com- 
panies suffered attacks at least six times, and some as many 
as 50 or more times. 

This represents an increase from the period six months 
earlier, in which 54 percent of respondents reported at least 
one breach, and 9 percent said they had suffered six or more 
attacks. 
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More Thoughts on Tiger 



A month or so ago I talked about my 
disappointment in some of the fea- 
tures of Sun's Tiger (J2SE 1.5) release 
("Missed Opportunities," May 1, page 
33). This month I want to talk about a 
couple more problems that I see in the 
new version. 

As before, bear in mind that there's 
a lot of good stuff in Java 1.5. It seems 
appropriate to devote column space to 
the features that might give you grief, 
however, since you're less likely to hear 
about it from the official documenta- 
tion. 

STATIC IMPORTS 

Let's start with static imports. Given this 
code: 

package com.holub.test; 

public class Constants 

{ public static final String HELLO = "hello"; 

public static String global = " goodbye "; 

public static String noNoNo() 

{ return "NoNoNo!"; 



you can do this: 

import static com.holub.test.Constants.*; 

public class Foo 

{ //... 

public static void main(String[] args) 
{ System.out.println( HELLO + global 



+ noNoNoQ ); 



There's no class-name prefix in front 
of the HELLO or global references or the 
call to noNoNO(); 

Importing a global constant like 
HELLO is relatively (though not com- 
pletely) harmless. (The 
problem is that the Static 
final reference might point 
to an object that can change 
state. A Static final is not a 
constant. The lack of a true 
constant in Java has been a I 
problem from day one.) 

Nonetheless, I might be 
happy with static imports if 
they were restricted to Static 
final fields. Unfortunately, 
they aren't. You can also use Static import 
to access what amounts to global vari- 
ables and functions. I've deliberately 
used the word "function" rather than 
"method" in the last sentence. The func- 
tion noNoNO() is not really a method of a 
class of objects — it is not called to han- 
dle a message passed to some object; 
noNoNO() is a procedural function, pure 
and simple. 

Yes, Virginia, you can now write a C 
program in Java. (In fact, if you're real- 




ly a hard-core C programmer, they've 
added System. OUt.printf(), which works 
just like the C function with the same 
name.) The language is just too complex 
to justify its use in non-OO applications. 
Introducing global variables and global 
functions is a giant step backward. 

GENERICS 

The other big addition to Java is gener- 
ics, which look a lot like C++ templates 
but are really quite different. People who 
know templates will be con- 
fused by generics, and people 
rwho don't know templates 
will not benefit at all from 
using the C + + syntax. 

A C + + template is a 
"metaclass." Think of it as a 
macro whose arguments are 
type names, which expands 
Trf-Jif to a class definition with the 
- 1- f j - template arguments replacing 
placeholders in the template 
definition. 

A Java generic is a means of telling 
the compiler to supply an implicit cast to 
method arguments or return values. You 
can use the two mechanisms to accom- 
plish similar ends, but the differences 
are nontrivial. 

Unfortunately, to use generics effec- 
tively, you have to master lots of com- 
plex and subtle details. I'm not sure 
that I welcome the introduction of a 
very-hard-to-get language feature into 



what used to be a simple object-orient- 
ed language. Fortunately, generics have 
very few uses in practice. The main 
application is the Collection classes 
(supplied in J2SE 1.5). Instead of 
inserting and removing generic 
Objects, you can specify a type. 

The following code defines a 
LinkedList of Strings. There's no cast 
needed on the removeFirst() call 
because the compiler knows that the list 
has nothing but String objects in it, so 
supplies the cast. 

LinkedList<String>c=newLinkedList<String>(); 
//... 

c.addFirst("Hello"); 
String s = c.removeFirst() ; 

People have been writing Java for 
years without generics, and nobody's 
really noticed that they were missing, 
other than a few die-hard C + + pro- 
grammers. I programmed in C + + for 
eight years before moving to Java, used 
templates heavily in C + + , and didn't 
miss them at all when I moved to Java. 

One of the advantages of Java over 
C + + was that it didn't have the 
extra complexity of things like 
templates, which only gurus under- 
stood. This will be the case with gener- 
ics as well. The loss of simplicity is 
unfortunate. I 

Allen Holub is a leading architect, consul- 
tant and instructor in C/C++, Java and 00 
Design. Reach him at www.holub.com. 
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Summer Reading List 



Remember that scene in "American 
Beauty," where a bag blows in the 
unseen and unknowable wind, never 
coming to rest? Now imagine an ant tied 
to the bag with coils of science-fiction- 
worthy unbreakable yet almost invisibly 
thin lines. Put the whole mess in the mid- 
dle of the San Francisco Bay, and you'll 
have a good idea of what learning to kite- 
board is like. It's like bull riding, but with 
more drowning and decapitation. 

But summer, for adults, is a time for 
learning, for focusing on something oth- 
er than the day's progress toward the 
next milestone. We must expand our 
horizons, with either kiteboards or soft- 
ware development exotica. There is 
much to learn about the forthcoming 
.NET Framework 2.0 and its associated 
languages, especially C# and Managed 
C++, but the new generation of tutorial 
books have not yet hit the shelves. 

My favorite .NET language-specific 
book of the past year is Paul Vick's "The 
Visual Basic .NET Programming Lan- 
guage," which will hold its value even in 
the face of the next generation of Visual 
Studio. Vick's book is pitched perfectly 
to be simultaneously comprehensive and 
accessible. 

Although Vick's book is a paragon of 
clarity, I had to qualify the word "favorite" 



because my flat-out favorite book of 2003 
was Randall Hyde's "The Art of Assembly 
Language." One of the very few advan- 
tages that we of an older generation have 
over younger programmers is more expo- 
sure to the low-level details of registers, 
interrupts and the like. Perhaps knowl- 
edge of these things "just" reassures us 
that below all the APIs and 
metaphors computers are 
quite straightforward, but I 
think that such confidence is 
an important thing. And yet, 
prior to last fall, the last chip 
for which I coded in assembly 
was the 80386. Hyde presents 
what he calls "High Level 
Assembler," which has control 
structures and even error han- 
dling, but which allows you to 
LAHF your head off. 

If you agree with the sentiment but 
think Intel-compatible assembly lan- 
guage is just too old-school, I recom- 
mend Kathleen Dollard's "Code Gener- 
ation in Microsoft .NET" paired with 
"The Common Language Infrastructure 
Annotated Standard," by James Miller 
and Susan Ragsdale. Throw in an old 
favorite like "Modern Compiler 
Design," by Grune et al., and you 
should be able to occupy yourself 



through the summer's rainiest weekend. 
Software Development Magazine's 
Jolt Award for books this year went to 
"Waltzing with Bears: Managing Risk on 
Software Projects" by Tom DeMarco 
and Timothy Lister and was an easy 
vote. Anyone who's read "Peopleware" 
knows what kind of value DeMarco and 
Lister pack into slim volumes. 
(You haven't read "People- 
ware"? Add it to your cart 
immediately!) "Waltzing with 
Bears" breaks risk manage- 
ment into "Why, Why Not, 
How, and How Much" and, 
| amazingly, pretty much says 
^m\ everything that needs to be 

said about the tentpole of 
software project management 
in just 195 pages. 
I advocated for Hyde's book to take 
the Jolt in the technical book category, but 
it lost to David Astels' "Test-Driven 
Development: A Practical Guide," which 
is certainly a hot topic and very relevant to 
the day-to-day needs of developers. The 
excellent "Pragmatic Unit Testing in C# 
with NUnit," by Andrew Hunt and Dave 
Thomas, may be more directly applicable 
to this column's readership. Another Jolt 
finalist that I was sad to see not take home 
a prize was "Practical Cryptography," by 




Larry 
O'Brien 



Niels Ferguson and Bruce Schneier. 
"Practical Cryptography" presents con- 
crete advice on cryptography where 
Schneier's classic "Applied Cryptography" 
surveyed the field; essentially, if your work 
touches on cryptographic concerns, you 
must have "Practical Cryptography," 
while if you want to stretch your brain, 
"Applied Cryptography" remains the 
quintessential work. 

The most anticipated book of the 
year, Steve McConnell's "Code Com- 
plete, 2nd Edition," arrived after I had 
finished the first draft of this column. 
My immediate reaction was praise run- 
ning to several hundred words that I'll 
summarize to "the best book of the 
year, and probably the next several." 
(You can read my complete core dump 
at www.knowing.net/2004/06/04.aspx. ) 

McConnell's sweeping text on code 
construction, "the central activity of soft- 
ware development," remains unparal- 
leled in scope and discipline: accessible 
to any programmer and yet not faddish, 
filled with pragmatic advice on con- 
structing your next line of code and yet 
bolstered by hundreds if not thousands 
of references. It deserves to be the 
most-read technical book of the year, 
which it almost certainly will be. I 

Larry O'Brien is an independent tech- 
nology consultant and analyst, and the 
founding editor of Software Develop- 
ment Magazine. 
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One Blueprint for Architectures 



Industry Watch 



.. 



As the presidential legacies of Ronald 
Reagan, George H.W. Bush and Bill 
Clinton are debated at memorials, in 
memoirs and from memories, one federal 
achievement is obscured by Iran-Contra, 
"Read my lips," and "I did not have sexu- 
al relations with that woman." However, it 
might prove to have the 
longest life of them all. 

Its the Clinger-Cohen Act 
of 1996, also known as the 
Information Technology Re- 
formation Act. And recent 
efforts by vendors and a pair of 
consortia are intended to make 
it easier to comply with the law, 
which states the government 
will not fund any technology 
projects that are not part of the 
larger federal enterprise architecture. 

What the U.S. government discov- 
ered was that it could not share artifacts 
between departments, and could not be 
sure how new assets fit into the grand 
scheme of things. This excited software 
architects — those who want to put the 
engineering into software engineering — 
but didn't do much for project managers 
and developers. There still was a big dis- 
connect between the diagrams and the 
coders who only looked at them once in 
a while. 

The Open Group and the Object Man- 
agement Group are trying to improve the 
connection by working together to create 
an architecture that drives development. 
Last month, they announced a joint 
effort to bring OMG's Model Driven 
Architecture (MDA) together with The 
Open Group Architecture Framework 
(TOGAF) and released a white paper 
detailing the work. 

"Early on, we recognized the archi- 
tecture has to be connected to develop- 
ment, or else you're just creating moun- 
tains of paper," said Terry Blevins of The 



SERENA TO PURCHASE 

Serena Software Inc. is continuing its shopping 
spree with the late June acquisition of RTM r a 
requirements management package from Integrated 
Chipware Inc. The exact terms of the deal were not 
made public, but Ashley Owen, director of product 
marketing for Serena, said that the price was 
approximately US$3 million, and that Serena is pur- 
chasing only that one product. 

Integrated Chipware offers other tools for the 
embedded and semiconductor industries that Serena is 
not acquiring. 

RTM, which stands for Requirements and Traceabil- 
ity Management, is a package designed for very large 
companies and is used by several hundred customers, 
said Owen. Serena's intention is to integrate RTM with 
its other products, beginning with Dimensions, the 
change-management software that Serena acquired 
along with its purchase of Merant. According to Owen, 






mm 



Open Group. "TOGAF tells you how to 
do architecture, but it doesn't prescribe 
how to create architecture artifacts. The 
MDA approach produces a good archi- 
tecture model done in an independent 
layer. They're quite complementary." 
So why do this now? Fred Wask- 
iewicz, who has been working 
on architecture languages for 
a long time, said, "From the 
OMG standpoint, MDA spec- 
ifications started to appear. 
There's UML for describing 
architecture, and MOF, for 
describing metadata and 
metamodels. That's the level 
architects work at. It's all 
coming into play now." 

But does enterprise archi- 
tecture need MDA? Jan Popkin of Pop- 
kin Software, an acknowledged leader in 
the enterprise architecture solutions 
space, doesn't think so. "I think this is 
another notable effort to take EA down a 
value chain, another use case for enter- 
prise architecture," he said of The Open 
Group-OMG work. But he said MDA 
needs EA, not the other way around. 
"The promise of moving the design down 
to the executable is a great opportunity, 
but it's not a justification for EA. It has a 
lot of other legs it stands on," he added, 
citing efforts by OASIS (Business Process 
Execution Language) and BPMI.org 
(Business Process Modeling Notation) as 
ways to get visualizations of the business 
goals and assets down into executables. 

Meanwhile, IBM has begun talking 
up enterprise architecture through its 
Rational tools division. 

"Our customers have been building 
software effectively, but they might now 
understand how their software all fits 
together," said Dave West, group man- 
ager for industry solutions at IBM Ratio- 
nal. "Businesses want to build a series of 



views of their systems, to determine 
what elements of the computer system 
fulfill their business needs." West said 
banking organizations, and others with 
large portfolios of software assets, have 
begun to start thinking in this way. 

"Developers aren't talking about EA. 
Program managers and project managers 
are talking about it. CIOs are realizing the 
benefit," West added. "A startling concern 
of mine is that organizations understand 
what they spend on IT — software, hard- 
ware, wages — but they can't map it to 
their business systems." 

West said IBM Rational is trying to 
introduce process and discipline higher 
up in an organization, using as an analo- 
gy the difference between house plan- 
ning and town planning. "Organizations 
have good people to build houses, and 
they build good houses. But where are 
the roads to support it, and where are 
the plumbing lines?" 

As for developers buying into the 
program, OMG's Waskiewicz said, "Cer- 
tainly, developers suffer the conse- 
quences of poorly architected systems. 
Unless they enjoy sitting at a computer 
terminal 24x7, their lives will be made 
better both personally and professional- 
ly" by enterprise architectures. "Their 
work projects will be more interesting, 
and the horrible errors that lead to 
throwing out months of work can be 
avoided. It's a disciplined software engi- 
neering approach to application systems 
development." 

Enterprise architecture clearly is not 
for every enterprise. In small organiza- 
tions, the business and IT links can be 
held in a few heads. For now, it's the 
large enterprises, where IT is a sub- 
stantial budget item, where there is a 
need to have understanding from the 
boardroom down to the technicians. 
Only time will tell how widely it's 
adopted, and which effort ultimately 
gains the most traction. I 

David Rubinstein is editor of SD Times. 



CALENDAR OF EVENT* 









Macworld 
Conference & Expo 

Boston 

IDG WORLD EXPO CORP. 

www.macworldexpo.com 



July 12-15 



Rational User July 18-22 

Conference 

Grapevine, Texas 
IBM CORP. 

www-306.ibm.com/software/rational 
/events/ruc2004 



Black Hat USA 2004 

Las Vegas 
BLACK HAT INC. 
www.blackhat.com 



July 24-29 



VSLive New York July 26-29 

New York 

FAWCETTE TECHNICAL PUBLICATIONS INC. 

www.ftponline.com/conferences 

/vslive/2004/ny 

Open Source Convention July 26-30 
Portland, Ore. 
O'REILLY MEDIA INC. 
conferences.oreillynet.com/os2004 



SCO Forum 

Las Vegas 

THE SCO GROUP INC. 

www.sco.com/2004forum 



Aug. 1-3 



LinuxWorld 
Conference & Expo 

San Francisco 

IDG WORLD EXPO CORP. 

www.linuxworldexpo.com 



Aug. 2-5 



HP World 2004 
Conference & Expo 

Chicago 
INTEREX 
www.hpworld.com 



Aug. 16-20 



Embedded Software Aug. 17-19 
Development Conference 

San Jose 

BZ MEDIA LLC 

www.esdevcon.com 

For a more complete calendar of U.S. software devel- 
opment events, see www.bzmedia.com/calendar. 

Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 



REQUIREMENTS TOOLS 

there had been a level of integration between RTM and 
Dimensions for several years. 

Owen said that Serena will continue promoting and 
developing RTM, which he positioned as being func- 
tionally between Telelogic's DOORS and Borland's 
CaliberRM tools. "It's not superheavy, but services a 
wide range of personas," he explained, adding that the 
lack of a requirements tool had placed Serena at a com- 
petitive disadvantage in offering complete application 
life-cycle tools against Borland, Telelogic and Rational, 
all of which offer their own requirements management 
software. 

Serena completed its $380 million acquisition of 
Merant last April and purchased TeamShare, maker of 
the TeamTrack defect-tracking system, in May 2003, for 
$18 million. In February 2001, it bought NetObjects, 
which offered a Web content management system, for 
$18 million. —Alan Zeichick 



IBM Corp. will combine its annual DeveloperWorks Live Technical Conference and its Rational User Conference into 
one event, to be held in Grapevine, Texas, July 18-22. The event will offer 200 sessions and 20 hands-on workshops 
on topics such as business-driven development, Model Driven Architecture, Unified Modeling Language (UML) 2.0, 
service-oriented architectures, regulatory compliance, and process and project management. IBM is expected to 
discuss its strategy for its WebSphere and Rational product lines, as well as plans for the Eclipse open-source 
framework and Linux operating system . . . Web services management platform vendor AmberPoint Inc. late last 
month announced it closed a third round of funding worth US$8.2 million, which included Motorola Ventures as a 
new investor. The company now has raised $30.8 million. In a separate announcement, AmberPoint announced it 
will release version 4.3 of its eponymous solution in August or September, with changes designed to improve scal- 
ability, reduce complexity and make the system more manageable. As Web services usage expands, organizations 
will need to deal with thousands of users and agreements, so the internal algorithms and user interface have been 
enhanced to deal with that, said Ed Horst, vice president of marketing. A noninvasive fingerprinting feature will al- 
low managers to see if applications are interacting with Web services beyond the organization's registry. The abil- 
ity to recover from remote agents of a central database also is new, Horst said. 

EARNINGS: Oracle Corp. reported fiscal-year 2004 net income of US$2.7 billion on revenues of $10.2 bil- 
lion. Income rose 16 percent from the prior year, the company stated, while revenues increased 7 percent. For 
the fourth quarter, net income rose 15 percent, to $990 million, on revenues of $3.1 billion. Oracle chairman 
Jeff Henley said, "That's the best operating profit we've ever delivered, even better than our best year dur- 
ing the Internet bubble." I 
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